PART 3a: Emby with Docker NPM

Peter Evans -

There are a number of ways to connect to your Emby server using HTTPS. This Follows on from Part 2: Cloudflare Setup.

Part 3A: Setting up Emby with NPM Docker Reverse Proxy (Advanced).

Part 3B: This Guide is for Direct Connection (Simple).

Part 3C: Setting up Emby with NGINX on Windows Reverse Proxy (Advanced).

Part 3 a is just one option you have to expose Emby Externally securely. This options uses a Docker Container called Nginx Proxy Manager ot NPM.

If you havent got Docker or Portainer installed yet then a seperate guide will follow.

Router Port Fowarding

This guide wont walk you through setting up port forwarding. It will cover the facts needed for emby and NPM.

On the router, forward port 80 and 443 externally to internal ports 80 and 443 and point them to the IP address of your Docker/Portainer Server. Something like the below. 192.168.100.200 being my Docker Server.

Docker Containers

We require 2 containers, a Database Container and an App Container.

Using Portainer, create a new container with the following.

Name: NPM_DB
Repo: jc21/mariadb-aria:10.4
ENV:
	MYSQL_ROOT_PASSWORD: "arootsqlpassword"
	MYSQL_DATABASE: npm
	MYSQL_USER: npm
	MYSQL_PASSWORD: "asqlpassword"
	PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Restart Policy: Unless Stopped
Volumes:
	/data/mysql : /var/lib/mysql

The second container is the app

Name: NPM_APP
Repo: jc21/nginx-proxy-manager:latest
Ports:
	80:80
    81:81
    443:443
ENV: 
	DB_MYSQL_HOST: NPM_DB (or IP of the NPM_DB container)
    DB_MYSQL_PORT: 3306
    DB_MYSQL_USER: npm
    DB_MYSQL_PASSWORD: "asqlpassword"
    DB_MYSQL_NAME: npm
Volumes:
      /data : /data
      /letsencrypt : /etc/letsencrypt
Restart Policy: Unless Stopped

Setup NPM

Start both containers and access the NPM web gui at http://**IP of Docker**:81

Create an account and login

Add a New Proxy Host

Enter your domain name, the emby server IP address and the port number.

On the SSL Tab - Request a new SSL Certificate

Complete the questions as shown above. The Cloudflare API is available from your Cloudflare Account.

To get the API token, click the Profile tab top right corner, then API Token tab. Click create token with edit zone DNS and Zone DNS permissions.

This step allows NPM to create a DNS challenge to create an Lets Encrypt SSL Cert.

Emby Settings

The next stage is to update some settings in Emby so that it knows you are using a reverse proxy.

Log Into Emby and head to Server Dashboard and Network

LAN Networks: enter you LAN subnet, usually 192.168.1.0/24 or 192.168.0.0/24

Local Ports are 8096 and 8920

Allow Remote Connections

Public Ports are 80 and 443

External domain: https://emby.mydomain.com

Secure Connection: Handled by reverse proxy

Why are these neeeded. Some plugins which use Emby connect use the URL presented by Emby (found on the dashboard). Without these settings the url would be http://192.168.100.100:8096. This wont work externally. There for these settings update what Emby advertises eg https://emby.mydomain.com:443

All Done

You should now be able to access emby using your domain name over HTTPS

What if it doesnt work?

  1. Check Windows Firewall, temporarily disable it.

If this resolves the issue then you need to add an Allow Rule on the Firewall for Emby ports 8920 and 8096.

2. More to follow.....