❗ All the information provided on this tutorial are for educational purposes only. I'm not responsible for any misuse of this information. If you like the app buy it
Tested on version 4.9.0.28. Last update: September 13, 2024
This tutorial allows you to run Emby Premiere on:
| Emby Premiere | Local device | Remote device |
|---|---|---|
| Web | ✔️* | ✔️ |
| Mobile | ✔️ | ❌ |
| Emby Theater | ✔️ ? | ❌ |
| Other devices | ❓ | ❌ |
* The use of DoH may cause cosmetic issues
Create the working folder
mkdir -p emby/{mb3admin,server}
cd emby.
└── mb3admin
├── certs
│ ├── emby.crt
│ ├── emby.key
│ └── ssl-dhparams.pem
├── Dockerfile
└── nginx.conf
- Change working directory
mkdir certs- Create certs folder
mkdir certs- Generate a self-signed certificate for the fake mb3admin.com server to use:
openssl req -x509 -newkey rsa:2048 -days 36525 -nodes -subj '/CN=mb3admin.com' -addext "subjectAltName = DNS:www.mb3admin.com, DNS:mb3admin.com" -out certs/emby.crt -keyout certs/emby.key- Download
ssl-dhparams.pem
curl https://ssl-config.mozilla.org/ffdhe2048.txt > certs/ssl-dhparams.pem- Create
nginx.conffile
events {
worker_connections 4096; ## Default: 1024
}
http{
server {
listen 80;
listen [::]:80;
server_name mb3admin.com;
return 301 https://mb3admin.com$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mb3admin.com;
ssl_certificate /certs/emby.crt;
ssl_certificate_key /certs/emby.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m; # about 40000 sessions
ssl_session_tickets off;
# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam.pem
ssl_dhparam /certs/ssl-dhparams.pem;
# intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
location / {
resolver 8.8.8.8 ipv6=off;
set $target https://mb3admin.com;
proxy_pass $target;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /admin/service/registration/validateDevice{
default_type application/json;
return 200 '{"cacheExpirationDays":3650,"message":"Device Valid (limit not checked)","resultCode":"GOOD"}';
}
location /admin/service/registration/validate {
default_type application/json;
return 200 '{"featId":"","registered":true,"expDate":"2099-01-01","key":""}';
}
location /admin/service/registration/getStatus {
default_type application/json;
return 200 '{"planType":"Lifetime","deviceStatus":0,"subscriptions":[]}';
}
location /admin/service/appstore/register {
default_type application/json;
return 200 '{"featId":"","registered":true,"expDate":"2099-01-01","key":""}';
}
location /emby/Plugins/SecurityInfo {
default_type application/json;
return 200 '{SupporterKey:"", IsMBSupporter:true}';
}
add_header Access-Control-Allow-Origin * always;
add_header Access-Control-Allow-Headers * always;
add_header Access-Control-Allow-Method * always;
add_header Access-Control-Allow-Credentials true always;
}
}- Create
Dockerfilefile
FROM nginx
COPY nginx.conf /etc/nginx/nginx.conf
ADD certs /certs.
└── server
├── Dockerfile
└── patch
├── emby.crt
├── ilasm
└── ildasm
- Change working directory
cd server- Create
patchfolder
mkdir patch- Copy
emby.crtfrom../mb3admin/certstopatchfolder
cp ../mb3admin/certs/emby.crt patch- Download
ilasmandildasmfor your architecture and copy inpatchfolder.
You can get it here for arm64(Raspberry Pi 4) architecture. Just double click the binary file inside
runtimes/linux-arm64/nativeand it will automatically download : ilasm ildasm
You can get it here for arm(Raspberry Pi <3) architecture. Just double click the binary file inside
runtimes/linux-arm/nativeand it will automatically download : ilasm ildasm
Or you can download the deb package. You should unpack the
.deband find the executables in./usr/bin/
- Create
Dockerfilefile
FROM linuxserver/emby:beta
ADD patch /patch
RUN chmod +x /patch/ilasm
RUN chmod +x /patch/ildasm
RUN mkdir /patch/tmp
WORKDIR /patch/tmp
RUN /patch/ildasm /app/emby/system/Emby.Web.dll -out=Emby.Web.dll
RUN sed -i 's#ajax({url:"https://mb3admin.com/admin/service/registration/validateDevice?"+new URLSearchParams(params).toString(),type:"POST",dataType:"json"})#Promise.resolve(new Response('"'"'{"cacheExpirationDays":365,"message":"Device Valid","resultCode":"GOOD"}'"'"').json())#g' Emby.Web.dashboard_ui.modules.emby_apiclient.connectionmanager.js
RUN /patch/ilasm -dll Emby.Web.dll -out=/app/emby/system/Emby.Web.dll
RUN cat /patch/emby.crt >> /app/emby/etc/ssl/certs/ca-certificates.crt
.
├── compose.yml
├── mb3admin
│ ├── certs
│ │ ├── emby.crt
│ │ ├── emby.key
│ │ └── ssl-dhparams.pem
│ ├── Dockerfile
│ └── nginx.conf
└── server
├── Dockerfile
└── patch
├── emby.crt
├── ilasm
└── ildasm
⚠️ It is mandatory that the server where the Emby server is running has a DNS configured that resolvesmb3admin.comto the local IP of the nginx server.
-
Now, you have to options:
a. Recommended: Edit your local DNS (Pihole, Adguard, router, bind...) and rewrite
mb3admin.comwith local IP.
b. Edit the hosts file of each device you're going to use Emby.
- Windows:
C:\Windows\System32\drivers\etc\hosts - Linux:
/etc/hosts
<your_local_ip_adress_here> mb3admin.com⚠️ Replace<your_local_ip_adress_here>with the IP of machine where the containers run. - Windows:
-
Create
compose.yml
services:
emby:
build: ./server
container_name: emby
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/London
volumes:
- ./config:/config
- /media/tv:/data/tvshows
- /media/movies:/data/movies
ports:
- 8096:8096
- 8920:8920 #optional
restart: unless-stopped
mb3admin:
build: ./mb3admin
container_name: mb3admin
ports:
- 443:443
restart: unless-stopped
networks:
default:
aliases:
- mb3admin.com- Start containers
docker compose up -d- Check if everything is OK
Execute
docker exec emby bash -c "curl -w '\n' -s --cacert /app/emby/etc/ssl/certs/ca-certificates.crt https://mb3admin.com/admin/service/registration/validateDevice"
If the output is as follows everything is fine
{"cacheExpirationDays":3650,"message":"Device Valid (limit not checked)","resultCode":"GOOD"}
- Open https://mb3admin.com in your browser and accept the self-signed certificate
- Open the Emby Premiere Section in Settings, and write whatever you want in the "Emby Premiere key (paste from e-mail)" and click "Save"
⚠️ You MUST do the above steps for this to work
- Go to
- Windows:
%appdata%\Emby-Theater\system\electronapp - Linux:
/opt/emby-theater/electron/resources/app/
- Open
main.jswith text editor - After this
app.on('window-all-closed', function () {
// On OS X it is common for applications and their menu bar
// to stay active until the user quits explicitly with Cmd + Q
if (process.platform != 'darwin') {
app.quit();
}
});Add this:
app.on('certificate-error', (event, webContents, url, error, certificate, callback) => {
event.preventDefault()
callback(true)
})You DON'T NEED TO DO any extra steps to make it work on Android on local network. First time you open the app it will prompt a dialog to accept self-signed certificate. If this dialog does not appear you have done something wrong.
If you want it to work outside the local network, you need to get a modded apk
You must go to the settings and enable "Allow Untrusted SSL Playback"
Thanks @OrpheeGT for the information
- Change to the folder where the
compose.ymlfile is - Build a new emby image
docker compose build emby --pull --no-cache- Restart container
docker compose up -d- https://gist.github.com/all3kcis/66909ed95755146a6969b32f21171642
- https://mosarin.tech/archives/75/
- https://github.com/acxcx/docker-emby
- @potatoru
- @orangejuice
- @OrpheeGT
- @senhan07
What shall I do then? I followed the guide with attention...