Dietpi + Emby. Updating Emby and enabling SSL

I use my Raspberry Pi 4 4GB as my file server and Emby server. Dietpi does an awesome job of simplifying the installation and configuration of Radarr, Sonarr, Deluge, NZBGet, and Jackett… so there’s no point in me talking about that. It also does a great job of initially installing emby, but after that, its pretty much on you.

Disclaimer: I am by no means an expert, in either linux or Dietpi. With that said, I’ve spent a lot of time and effort on getting Emby set up exactly how I want. I suspect others have duplicated my efforts with mixed results, and my hope is to help in their endeavors. Even if it doesn’t, just putting this on the internet allows me a quick place to reference it if I have to do this again.


Updating Emby:
So a new version of Emby comes out and you want to update to it. There is no easy way to update within Emby like there is for some of the other programs listed above. The only solution is to download the new version and manually install. Dietpi, takes the work out of it for us, however. (thanks to DietPi’s twitter for this solution: https://twitter.com/DietPi_/status/1200842666256326656?s=20)

Step 1: Perform a backup of DietPi. I’ve done this twice now and did not lose my settings either time, but having a backup will allow you to easily restore it in case Step 2 is more eventful for you than it has been for me.

Step 2: Login to your dietpi as root, and run the following:

dietpi-software reinstall 41

This will pull the latest version and install it over the current version. It should retain all your settings, but just in case… you performed step 1, right?

Done.

Configuring Emby with encryption/HTTPS:
Thanks go to aldopi for this method (much easier/more secure and reliable than my own)

A couple pre-requisites:
First, this only works if using lighttpd as your webserver.

Step 1: Get certificates (this is the part I said DietPi makes easy)
on your dietpi, run:

dietpi-letsencrypt

The “domain” should be the DDNS address pointing at your dietpi server, the rest is pretty much up to you.

Step 2: In /etc/lighttpd/conf-available/ edit the file “10-proxy.conf” to add the lines:

$HTTP["url"] =~ "^/emby" {
    proxy.server = ( "" => ( ( "host" => "127.0.0.1", "port" => "8096" ) ) )
    proxy.header = ( "upgrade" => "enable" )
}

Step 3: Now save that file and run the following command:

sudo ln -s ../conf-available/10-proxy.conf /etc/lighttpd/conf-enabled/

Step 4: Restart lighttpd by rebooting or the following command:

/etc/init.d/lighttpd restart

You’re done. Your emby server should be accessible at https://YOURDOMAIN/emby

Let me know if you run any issues and we can troubleshoot/update this guide.

PROTIP: If you want to enable hardware accelerated h264 encoding (likely for the purpose of transcoding) on the Raspberry Pi, you will need to dedicate at least 128mb to GPU memory. Otherwise it will fail and fall back to software encoding.

Nice guide, thanks for this. Possibly an easier way is to download the .deb and then install via dpkg -i *.deb.

If you are concerned about exposing ports to access emby from ouside your LAN you can setup a reverse proxy.

I didn’t go the reverse proxy route, but I saw that a lot of people had success with it. As for the download and install the *.deb route for updating, that appears to be exactly what “dietpi-software reinstall 41” does… at least by my understanding of it. Either way, it worked extremely smoothly for me and I didn’t have to do anything manually to do it.

Step 3: While in /etc/letsencrypt/renewal-hooks/post/ run the command "chmod 777 embycert.sh" to prevent any issues (i had some that this solved.... ymmv).

The command does not seem to do anything for me. I’m running raspberry pi 4b with dietpi. All files and folders are available as required in the script but no files are generated in the /certs folder. Would you please have any suggestions?

HI,

what exactly is the command you are going to execute that is not working?

This command “chmod 777 embycert.sh”

this command is changing file system permissions only. it did not execute anything. Did you checked file system permissions of embycert.sh??

As Joulinar said, that command is only modifying permissions (making the .sh file executable, to be specific). It will not generate any new files.

Sorry to ask for help but i’m a newbie here!
I want to update my Emby server 4.3.1.0 (it’s working ok btw) to the latest stable version available, ok?
In the beginning you say “…The only solution is to download the new version and manually install…” but i don’t know where to download it.
CAn you help me here?
Thanks in advance

I guess this is described on first post - step 2

Step 2: Login to your dietpi as root, and run the following:

dietpi-software reinstall 41

>
> This will pull the latest version and install it over the current version. It should retain all your settings, but just in case... you performed step 1, right?
>
> Done.

Thanks a lot Mate, done and working perfectly

Hi,

I was looking for a way to access to my Emby server from outside using https.
I found this thread and this one https://dietpi.com/phpbb/viewtopic.php?t=7758&start=40.
I wanted first to find a way with HAproxy then I said to myself “why trying this way when there’s possibly an other way with lighttpd ?”.
Since I’ve installed nextcloud, I understood that it’s using vhost for that.
In /etc/lighttpd/conf-available/ there’s a file called: 10-proxy.conf

I’ve added those lines:

$HTTP["url"] =~ "^/emby" {
    proxy.server = ( "" => ( ( "host" => "127.0.0.1", "port" => "8096" ) ) )
    proxy.header = ( "upgrade" => "enable" )
}

I can access to my Emby server now from https://mydomain.fr/emby.

I hope that this solution will help someone else.
I need to say I’m new in DietPi world, I have tiny knowledge in Linux.
So, it may not be the most secure way of doing, well, if someone has something to say to improve it, I will be ok!

that’s pretty fine and much easier than HAproxy. Enabling the configuration is usually done by creating a sym link from conf-enabled to conf-available. However, moving 10-proxy.conf to conf-enabled is working same way.

My bad I forgot to say that I did

sudo ln -s ../conf-available/10-proxy.conf /etc/lighttpd/conf-enabled/

and restarted the lighttpd service.

Alternative: lighty-enable-mod proxy

personally I’m still more in favour of Nginx as revers proxy. On lighttpd I’m always struggling how to do it

I don’t disagree… but it sure would be nice if emby automatically imported the necessary certificate format from letsencrypt, or letsencrypt exported the necessary format for emby. Either way would be convenient.

I blame emby for being difficult (since I expect better from paid software).

well from security point of view, creating a revers proxy might be better option anyway. This way you could reduce number of ports you would need to open towards internet

I just wanted to say that I recently needed to rebuild my server, and I went with your method for encrypting.

It works beautifully. In fact, with your permission, I’d like to edit my original post with this as the primary method (with credit where it’s due, of course)…since it is far simpler.

Hi,

I’m (lately) happy to know that this soltuion helped someone.