likecyber · February 5, 2025 18:01 · rom4ikz · Feb 4, 2025 · thebaskos · Feb 4, 2025
diff --git a/EmbyUpdateWithPatch.sh b/EmbyUpdateWithPatch.sh
 #!/bin/bash

 # The script must be executed as the root user, or it will fail.
 # You must have "Container Manager" installed before running this script.
 # Additionally, "Emby Server" must be running or the script will do nothing.
 # Manually run the script once to apply free Emby Premiere patch.

 # Make sure to update the ASSET_PREFIX and ASSET_SUFFIX based on your Synology model.
 # Check your asset prefix and suffix from here: https://github.com/MediaBrowser/Emby.Releases/releases/latest
 # CAUTION: Tested only on emby-server-synology72_4.8.10.0_x86_64.spk. Compatibility with other versions is no guarantee.

 CONTAINER="emby-premiere"
 IMAGE="docker-emby-premiere"
 WORKDIR="/volume1/docker-emby-premiere"

 ASSET_PREFIX="emby-server-synology72_"
 ASSET_SUFFIX="_x86_64.spk"

 HOSTNAME="mb3admin.com"
 HOSTS="/etc/hosts"
 PKG="EmbyServer"
 SPK="emby-server.spk"

 if [ "$(synopkg status "$PKG" | jq -r ".aspect.active.status")" != "running" ]; then
    exit 0
 fi

 if [ ! -d "$WORKDIR/certs" ]; then
    mkdir -p "$WORKDIR/certs"
 fi

 cd "$WORKDIR"

 if [ ! -f "certs/emby.crt" ] || [ ! -f "certs/emby.key" ]; then
    openssl req -x509 -newkey rsa:2048 -days 36525 -nodes -subj '/CN=mb3admin.com' -addext "subjectAltName = DNS:www.mb3admin.com, DNS:mb3admin.com" -out "certs/emby.crt" -keyout "certs/emby.key"
 fi
 if [ ! -f "certs/ssl-dhparams.pem" ]; then
    curl -sSL "https://ssl-config.mozilla.org/ffdhe2048.txt" > "certs/ssl-dhparams.pem"
 fi

 if [ -z "$(docker images --quiet "$IMAGE")" ]; then
    if [ ! -f "nginx.conf" ]; then
        echo -e "events {\n\tworker_connections 4096;\n}\n\nhttp {\n\tserver {\n\t\tlisten 443 ssl http2;\n\t\tlisten [::]:443 ssl http2;\n\t\tserver_name mb3admin.com;\n\n\t\tssl_certificate /certs/emby.crt;\n\t\tssl_certificate_key /certs/emby.key;\n\t\tssl_session_timeout 1d;\n\t\tssl_session_cache shared:SSL:10m;\n\t\tssl_session_tickets off;\n\n\t\tssl_dhparam /certs/ssl-dhparams.pem;\n\n\t\tssl_protocols TLSv1.2 TLSv1.3;\n\t\tssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;\n\t\tssl_prefer_server_ciphers off;\n\n\t\tlocation / {\n\t\t\tresolver 1.1.1.1 ipv6=off;\n\t\t\tset \$target https://mb3admin.com;\n\t\t\tproxy_pass \$target;\n\t\t\tproxy_set_header Host \$host;\n\t\t\tproxy_set_header X-Real-IP \$remote_addr;\n\t\t\tproxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;\n\t\t\tproxy_set_header X-Forwarded-Proto \$scheme;\n\t\t}\n\n\t\tlocation /admin/service/registration/validateDevice {\n\t\t\tdefault_type application/json;\n\t\t\treturn 200 '{\"cacheExpirationDays\":3650,\"message\":\"Device Valid (limit not checked)\",\"resultCode\":\"GOOD\"}';\n\t\t}\n\n\t\tlocation /admin/service/registration/validate {\n\t\t\tdefault_type application/json;\n\t\t\treturn 200 '{\"featId\":\"\",\"registered\":true,\"expDate\":\"2099-01-01\",\"key\":\"\"}';\n\t\t}\n\n\t\tlocation /admin/service/registration/getStatus {\n\t\t\tdefault_type application/json;\n\t\t\treturn 200 '{\"planType\":\"Lifetime\",\"deviceStatus\":0,\"subscriptions\":[]}';\n\t\t}\n\n\t\tlocation /admin/service/appstore/register {\n\t\t\tdefault_type application/json;\n\t\t\treturn 200 '{\"featId\":\"\",\"registered\":true,\"expDate\":\"2099-01-01\",\"key\":\"\"}';\n\t\t}\n\n\t\tadd_header Access-Control-Allow-Origin * always;\n\t\tadd_header Access-Control-Allow-Headers * always;\n\t\tadd_header Access-Control-Allow-Method * always;\n\t\tadd_header Access-Control-Allow-Credentials true always;\n\t}\n}" > "nginx.conf"
    fi
    if [ ! -f "Dockerfile" ]; then
        echo -e "FROM nginx\nCOPY nginx.conf /etc/nginx/nginx.conf" > "Dockerfile"
    fi
    docker build --no-cache --tag "$IMAGE" .
 fi

 if ! docker ps --filter "name=$CONTAINER" --format "{{.Names}}" | grep -qx "$CONTAINER"; then
    if docker ps --all --filter "name=$CONTAINER" --format "{{.Names}}" | grep -qx "$CONTAINER"; then
        docker rm "$CONTAINER"
    fi
    docker run --name "$CONTAINER" --volume "$WORKDIR/certs:/certs" --restart "unless-stopped" --detach "$IMAGE:latest"
 fi

 container_ip=$(docker inspect --format "{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}" "$CONTAINER")
 if ! grep -qx "$container_ip $HOSTNAME" "$HOSTS"; then
    if grep -qw "$HOSTNAME" "$HOSTS"; then
        sed -i "/$HOSTNAME/c\\$container_ip $HOSTNAME" "$HOSTS"
    else
        echo "$container_ip $HOSTNAME" >> "$HOSTS"
    fi
 fi

 current_build=$(synopkg version "$PKG")
 current_version=$(echo $current_build | cut -d'-' -f1)
 latest_release=$(curl -sSL "https://api.github.com/repos/MediaBrowser/Emby.Releases/releases/latest")
 latest_version=$(echo $latest_release | jq -r ".name")
 if [ "$current_version" != "$latest_version" ]; then
    curl -sSL -o "$SPK" "$(echo $latest_release | jq -r ".assets[] | select(.name | startswith(\"$ASSET_PREFIX\") and endswith(\"$ASSET_SUFFIX\")) | .browser_download_url")"
    latest_build=$(synopkg query "$SPK" | grep -oP "Package version:\s+\K[^\s]+")
    if [ "$current_build" != "$latest_build" ]; then
        synopkg stop "$PKG"
        install_result=$(synopkg install "$SPK")
        if [ "$(echo $install_result | jq -r '.success')" != "true" ]; then
            echo "$SPK Installation Error!"
            echo "$install_result"
            exit 1
        fi
    fi
    rm -f "$SPK"
 fi

 if [ ! -f "/var/packages/$PKG/target/patched" ]; then
    synopkg stop "$PKG"
    cat "certs/emby.crt" >> "/var/packages/$PKG/target/etc/ssl/certs/ca-certificates.crt"
    echo "window.originalFetch=window.fetch,window.fetch=function(t,e){return t.startsWith('https://$HOSTNAME/admin/service/registration/validateDevice')?Promise.resolve({status:200,json:()=>({cacheExpirationDays:3650,message:'Device Valid (limit not checked)',resultCode:'GOOD'})}):t.startsWith('https://$HOSTNAME/admin/service/registration/getStatus')?Promise.resolve({status:200,json:()=>({planType:'Lifetime',deviceStatus:0,subscriptions:[]})}):originalFetch(t,e)};" >> "/var/packages/$PKG/target/system/dashboard-ui/apploader.js"
    touch "/var/packages/$PKG/target/patched"
    synopkg start "$PKG"
 fi
	#!/bin/bash

	# The script must be executed as the root user, or it will fail.
	# You must have "Container Manager" installed before running this script.
	# Additionally, "Emby Server" must be running or the script will do nothing.
	# Manually run the script once to apply free Emby Premiere patch.

	# Make sure to update the ASSET_PREFIX and ASSET_SUFFIX based on your Synology model.
	# Check your asset prefix and suffix from here: https://github.com/MediaBrowser/Emby.Releases/releases/latest
	# CAUTION: Tested only on emby-server-synology72_4.8.10.0_x86_64.spk. Compatibility with other versions is no guarantee.

	CONTAINER="emby-premiere"
	IMAGE="docker-emby-premiere"
	WORKDIR="/volume1/docker-emby-premiere"

	ASSET_PREFIX="emby-server-synology72_"
	ASSET_SUFFIX="_x86_64.spk"

	HOSTNAME="mb3admin.com"
	HOSTS="/etc/hosts"
	PKG="EmbyServer"
	SPK="emby-server.spk"

	if [ "$(synopkg status "$PKG" \| jq -r ".aspect.active.status")" != "running" ]; then
	exit 0
	fi

	if [ ! -d "$WORKDIR/certs" ]; then
	mkdir -p "$WORKDIR/certs"
	fi

	cd "$WORKDIR"

	if [ ! -f "certs/emby.crt" ] \|\| [ ! -f "certs/emby.key" ]; then
	openssl req -x509 -newkey rsa:2048 -days 36525 -nodes -subj '/CN=mb3admin.com' -addext "subjectAltName = DNS:www.mb3admin.com, DNS:mb3admin.com" -out "certs/emby.crt" -keyout "certs/emby.key"
	fi
	if [ ! -f "certs/ssl-dhparams.pem" ]; then
	curl -sSL "https://ssl-config.mozilla.org/ffdhe2048.txt" > "certs/ssl-dhparams.pem"
	fi

	if [ -z "$(docker images --quiet "$IMAGE")" ]; then
	if [ ! -f "nginx.conf" ]; then
	echo -e "events {\n\tworker_connections 4096;\n}\n\nhttp {\n\tserver {\n\t\tlisten 443 ssl http2;\n\t\tlisten [::]:443 ssl http2;\n\t\tserver_name mb3admin.com;\n\n\t\tssl_certificate /certs/emby.crt;\n\t\tssl_certificate_key /certs/emby.key;\n\t\tssl_session_timeout 1d;\n\t\tssl_session_cache shared:SSL:10m;\n\t\tssl_session_tickets off;\n\n\t\tssl_dhparam /certs/ssl-dhparams.pem;\n\n\t\tssl_protocols TLSv1.2 TLSv1.3;\n\t\tssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;\n\t\tssl_prefer_server_ciphers off;\n\n\t\tlocation / {\n\t\t\tresolver 1.1.1.1 ipv6=off;\n\t\t\tset \$target https://mb3admin.com;\n\t\t\tproxy_pass \$target;\n\t\t\tproxy_set_header Host \$host;\n\t\t\tproxy_set_header X-Real-IP \$remote_addr;\n\t\t\tproxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;\n\t\t\tproxy_set_header X-Forwarded-Proto \$scheme;\n\t\t}\n\n\t\tlocation /admin/service/registration/validateDevice {\n\t\t\tdefault_type application/json;\n\t\t\treturn 200 '{\"cacheExpirationDays\":3650,\"message\":\"Device Valid (limit not checked)\",\"resultCode\":\"GOOD\"}';\n\t\t}\n\n\t\tlocation /admin/service/registration/validate {\n\t\t\tdefault_type application/json;\n\t\t\treturn 200 '{\"featId\":\"\",\"registered\":true,\"expDate\":\"2099-01-01\",\"key\":\"\"}';\n\t\t}\n\n\t\tlocation /admin/service/registration/getStatus {\n\t\t\tdefault_type application/json;\n\t\t\treturn 200 '{\"planType\":\"Lifetime\",\"deviceStatus\":0,\"subscriptions\":[]}';\n\t\t}\n\n\t\tlocation /admin/service/appstore/register {\n\t\t\tdefault_type application/json;\n\t\t\treturn 200 '{\"featId\":\"\",\"registered\":true,\"expDate\":\"2099-01-01\",\"key\":\"\"}';\n\t\t}\n\n\t\tadd_header Access-Control-Allow-Origin * always;\n\t\tadd_header Access-Control-Allow-Headers * always;\n\t\tadd_header Access-Control-Allow-Method * always;\n\t\tadd_header Access-Control-Allow-Credentials true always;\n\t}\n}" > "nginx.conf"
	fi
	if [ ! -f "Dockerfile" ]; then
	echo -e "FROM nginx\nCOPY nginx.conf /etc/nginx/nginx.conf" > "Dockerfile"
	fi
	docker build --no-cache --tag "$IMAGE" .
	fi

	if ! docker ps --filter "name=$CONTAINER" --format "{{.Names}}" \| grep -qx "$CONTAINER"; then
	if docker ps --all --filter "name=$CONTAINER" --format "{{.Names}}" \| grep -qx "$CONTAINER"; then
	docker rm "$CONTAINER"
	fi
	docker run --name "$CONTAINER" --volume "$WORKDIR/certs:/certs" --restart "unless-stopped" --detach "$IMAGE:latest"
	fi

	container_ip=$(docker inspect --format "{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}" "$CONTAINER")
	if ! grep -qx "$container_ip $HOSTNAME" "$HOSTS"; then
	if grep -qw "$HOSTNAME" "$HOSTS"; then
	sed -i "/$HOSTNAME/c\\$container_ip $HOSTNAME" "$HOSTS"
	else
	echo "$container_ip $HOSTNAME" >> "$HOSTS"
	fi
	fi

	current_build=$(synopkg version "$PKG")
	current_version=$(echo $current_build \| cut -d'-' -f1)
	latest_release=$(curl -sSL "https://api.github.com/repos/MediaBrowser/Emby.Releases/releases/latest")
	latest_version=$(echo $latest_release \| jq -r ".name")
	if [ "$current_version" != "$latest_version" ]; then
	curl -sSL -o "$SPK" "$(echo $latest_release \| jq -r ".assets[] \| select(.name \| startswith(\"$ASSET_PREFIX\") and endswith(\"$ASSET_SUFFIX\")) \| .browser_download_url")"
	latest_build=$(synopkg query "$SPK" \| grep -oP "Package version:\s+\K[^\s]+")
	if [ "$current_build" != "$latest_build" ]; then
	synopkg stop "$PKG"
	install_result=$(synopkg install "$SPK")
	if [ "$(echo $install_result \| jq -r '.success')" != "true" ]; then
	echo "$SPK Installation Error!"
	echo "$install_result"
	exit 1
	fi
	fi
	rm -f "$SPK"
	fi

	if [ ! -f "/var/packages/$PKG/target/patched" ]; then
	synopkg stop "$PKG"
	cat "certs/emby.crt" >> "/var/packages/$PKG/target/etc/ssl/certs/ca-certificates.crt"
	echo "window.originalFetch=window.fetch,window.fetch=function(t,e){return t.startsWith('https://$HOSTNAME/admin/service/registration/validateDevice')?Promise.resolve({status:200,json:()=>({cacheExpirationDays:3650,message:'Device Valid (limit not checked)',resultCode:'GOOD'})}):t.startsWith('https://$HOSTNAME/admin/service/registration/getStatus')?Promise.resolve({status:200,json:()=>({planType:'Lifetime',deviceStatus:0,subscriptions:[]})}):originalFetch(t,e)};" >> "/var/packages/$PKG/target/system/dashboard-ui/apploader.js"
	touch "/var/packages/$PKG/target/patched"
	synopkg start "$PKG"
	fi