From Segfault
Jump to navigation Jump to search


The emby-server package is available for Arch Linux, other systems may require a different routine:

pacman -Sy emby-server


After its initial start, emby-server should be reachable at port :8096 and can be configured with a web browser. However, we may want to adjust its PROGRAM_DATA directory and its network bindings before we set it up for production:

$ grep ^P /etc/conf.d/emby-server 

Most (all?) of these can be controlled from the web interface also:

$ cat /var/lib/emby/config/system.xml 

The emby.p12 (a private key and a self-signed certificate) must be generated for HTTPS to work:

openssl req    -newkey rsa:2048 -nodes -keyout emby-key.pem -x509 -days 3650 -out emby-cert.pem -subj $SUBJECT 
openssl pkcs12 -inkey emby-key.pem -in emby-cert.pem -export -out emby.p12                                           # Display with openssl pkcs12 -in emby.p12 -nodes

The PKCS 12 export password then needs to be provided to the Emby server as shown above.

We don't want to list all existing users in the login screen:[1], so we set IsHidden to true in all policy files:

for p in $(awk -F= '/^PROGRAM_DATA/ {print $2}' /etc/conf.d/emby-server)/config/users/*/policy.xml; do
         sed 's/IsHidden>false</IsHidden>true</' -i "${p}"

Reverse Proxy

A reverse proxy configuration with Nginx:[2]

     location /emby {
          rewrite /emby/(.*) /$1 break;
          proxy_redirect off;
          proxy_set_header Host            $host;
          proxy_set_header X-Real-IP       $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     #    proxy_set_header If-Range        $http_if_range;
     #    proxy_set_header Range           $http_range;
     #    # WebSockets
     #    proxy_http_version          1.1;
     #    proxy_set_header Upgrade    $http_upgrade;
     #    proxy_set_header Connection "upgrade";
          auth_basic "Restricted";
          auth_basic_user_file "/etc/nginx/.htpasswd";


A missing feature would be Offline Access, as this only works with a paid subscription, even for private libraries. We shall look to other media servers for other reasons[3] too: