Emby to advertise HTTPS when using NGINX

emby Dec 13, 2017

UPDATE - March 2018

The instructions below are now obsolete. There is now a Option within Emby Server > Advanced to automatically configure Emby to advterise itself at HTTPS when going through a Reverse Proxy.

Secure Connection mode needs to be set to 'Handled By Reverse Proxy'

enter image description here

OLD Method Below

If you run Emby behind NGINX, then you would normally Connect to NGINX with HTTPS then NGINX will forward the request over your LAN using HTTP. This prevents double de-crypt/encrypt which uses more CPU cycles.

However if you use Emby Connect or Alexa for Emby then you will probably have noticed that on the Emby Server Dashboard is displays your external connection as HTTP and using port 80, which means Alexa wont work as it requires HTTPS on port 443.

So rather than create a double de-crypt/encrypt scenario we can edit the Emby system.xml file which fakes emby into advertising its external connections on HTTPS and port 443.

First we do need to create a real .pfx cert with a password. There are 2 ways to create a SSL cert:-

  1. Zero SSL Tool Uses an automated tool.
  2. DNS Verification Uses manual TXT records on your DNS.

Once you have that. Head over to your Emby Dashboard and go to Advanced.

Change your settings like the image below

Emby Settings
Public HTTP - 80
Public HTTPS - 443
External Domain - your emby subdomain
SSL Certificate - point it to your .pfx
Certificate password - your .pfx password

Save and Restart Emby.

Now head to your emby server install location. Normally on windows its C:\Users\%username%\AppData\Roaming\Emby-Server\config

open up system.xml in notepad or notepad++ and look for the line


change false to true


save and then restart emby again.

Your emby dashboard should now be advertising https:// on port 443.


Great! You've successfully subscribed.
Great! Next, complete checkout for full access.
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.