Emby

From Segfault

Installation

The emby-server package is available for Arch Linux; other systems may require a different routine:

pacman -Sy emby-server

Configuration

After its initial start, emby-server should be reachable on port 8096 and can be configured with a web browser. However, we may want to adjust its PROGRAM_DATA directory and its network bindings before we set it up for production:

$ grep ^P /etc/conf.d/emby-server 
PROGRAM_DATA=/var/lib/emby

Most (all?) of these can also be controlled from the web interface:

$ cat /var/lib/emby/config/system.xml 
[...]
 <EnableUPnP>false</EnableUPnP>
 <PublicPort>8096</PublicPort>
 <PublicHttpsPort>8920</PublicHttpsPort>
 <HttpServerPortNumber>8096</HttpServerPortNumber>
 <HttpsPortNumber>8920</HttpsPortNumber>
 <EnableHttps>true</EnableHttps>
 <CertificatePath>/var/lib/emby/config/emby.p12</CertificatePath>
 <CertificatePassword>s3cr3t</CertificatePassword>
 <EnableRemoteAccess>true</EnableRemoteAccess>

The emby.p12 (a private key and a self-signed certificate) must be generated for HTTPS to work:

SUBJECT='/C=CZ/ST=PR/L=PR/O=Emby/OU=None/CN=localhost/emailAddress=emby@example.org'
openssl req -newkey rsa:2048 -nodes -keyout emby-key.pem -x509 -days 3650 -out emby-cert.pem -subj "$SUBJECT"
# Display with: openssl pkcs12 -in emby.p12 -nodes
openssl pkcs12 -inkey emby-key.pem -in emby-cert.pem -export -out emby.p12

The PKCS 12 export password then needs to be provided to the Emby server in CertificatePassword, as shown above.

We don't want to list all existing users on the login screen,[1] so we set IsHidden to true in all policy files:

for p in $(awk -F= '/^PROGRAM_DATA/ {print $2}' /etc/conf.d/emby-server)/config/users/*/policy.xml; do
         sed 's/IsHidden>false</IsHidden>true</' -i "${p}"
done
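
A check for the settings covered in this section, as an added example that is not part of the original page or of Emby. The function names are hypothetical, the tag names are the ones shown above, and two things are assumptions: each element sits on one line, and system.xml and emby.p12 should be readable only by the service account because system.xml keeps CertificatePassword in clear text.

```shell
#!/bin/sh
# emby_audit DIR: print one finding per line for the Emby data directory DIR
# (PROGRAM_DATA on this page); exit status is 1 if anything was found.
# Usage: emby_audit /var/lib/emby

# Value of a simple <Tag>value</Tag> element held on one line of file $2.
xml_val() {
    sed -n "s:.*<$1>\(.*\)</$1>.*:\1:p" "$2" | head -n 1
}

# True when file $1 is readable by group or by others.
loose_perms() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \))" ]
}

emby_audit() {
    cfg="$1/config" sys="$1/config/system.xml" found=0
    note() { echo "$*"; found=1; }
    [ -r "$sys" ] || { echo "missing: $sys"; return 1; }

    [ "$(xml_val EnableUPnP "$sys")" = false ] || note "EnableUPnP is not false"
    [ "$(xml_val EnableHttps "$sys")" = true ] || note "EnableHttps is not true"

    # system.xml stores CertificatePassword in clear text, so treat it
    # like the key itself (assumption: only the service account reads it).
    if [ -n "$(xml_val CertificatePassword "$sys")" ] && loose_perms "$sys"; then
        note "system.xml holds a password and is group/other readable"
    fi

    p12=$(xml_val CertificatePath "$sys")
    if [ ! -f "$p12" ]; then
        note "CertificatePath does not exist: $p12"
    elif loose_perms "$p12"; then
        note "PKCS#12 file is group/other readable: $p12"
    fi

    # Every user should be hidden from the login screen.
    for p in "$cfg"/users/*/policy.xml; do
        [ -f "$p" ] || continue
        [ "$(xml_val IsHidden "$p")" = true ] || note "user listed on login screen: $p"
    done
    return "$found"
}
```

No output and exit status 0 mean every check passed.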

Reverse Proxy

A reverse proxy configuration with Nginx:[2]

     location /emby {
          rewrite /emby/(.*) /$1 break;
          proxy_pass http://127.0.0.1:8096;
          proxy_redirect off;
          proxy_set_header Host            $host;
          proxy_set_header X-Real-IP       $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     #    proxy_set_header If-Range        $http_if_range;
     #    proxy_set_header Range           $http_range;
     #    # WebSockets
     #    proxy_http_version          1.1;
     #    proxy_set_header Upgrade    $http_upgrade;
     #    proxy_set_header Connection "upgrade";
  
          auth_basic "Restricted";
          auth_basic_user_file "/etc/nginx/.htpasswd";
     }

TODO

A missing feature would be Offline Access, as this only works with a paid subscription, even for private libraries. We shall look to other media servers for other reasons[3] too:

Links

References