Bitpicker 2 Posted December 4, 2022 Posted December 4, 2022 The "Emby Connect" log in page is showing as not secure. When I tried to see the ssl certificate information, there was nothing to see. Please, this needs to be fixed asap. This leave a gigantic hole open for capturing your users log in formation!
Happy2Play 9360 Posted December 4, 2022 Posted December 4, 2022 You are required to navigate to https://app.emby.media as not all users have SSL Moving from CSS forum.
shallax 0 Posted December 4, 2022 Posted December 4, 2022 This just sounds like a bad idea, it’s supporting people not setting up SSL and being insecure. Wouldn’t it be better to just make something like LetsEncrypt a one-click installation rather than risk letting people get snooped?
Luke 39685 Posted December 4, 2022 Posted December 4, 2022 1 hour ago, shallax said: This just sounds like a bad idea, it’s supporting people not setting up SSL and being insecure. Wouldn’t it be better to just make something like LetsEncrypt a one-click installation rather than risk letting people get snooped? If all devices accepted letsencrypt certs then yes, that would make sense. But otherwise it just leads to reports of not working, unable to connect, etc. When the day comes that we know all servers have ssl, then we'll be able to force to hosted web app to https only.
CRK1918 0 Posted January 24, 2023 Posted January 24, 2023 Can they use secure connections first? If the secure connection does not work, the secure connection website will prompt the user to use an available incomplete connection. At least the user has some vigilance.
Bitpicker 2 Posted January 24, 2023 Author Posted January 24, 2023 I pointed that out quite a while ago. The question is…. At what point does the connection become encrypted. Before or after login. Today’s best practice says all websites should be using security (https). 1
Luke 39685 Posted March 13, 2023 Posted March 13, 2023 On 1/24/2023 at 1:07 PM, CRK1918 said: Can they use secure connections first? If the secure connection does not work, the secure connection website will prompt the user to use an available incomplete connection. At least the user has some vigilance. if you setup https on your Emby Server, and your server dashboard displays your remote address as https, then that's what Emby apps will use when connecting remotely. 1
dustart 8 Posted March 8 Posted March 8 On 3/13/2023 at 8:55 PM, Luke said: if you setup https on your Emby Server, and your server dashboard displays your remote address as https, then that's what Emby apps will use when connecting remotely. Hello Luke i have question why emby not redirect by automatic like clasic web sites does , why when i go to mydomain.com:8096 and if i typed only that it wil go without ssl why not redirect by automatic to ssl it wil redirect only when i click continue .. Or if i opened with https
Luke 39685 Posted March 8 Posted March 8 4 hours ago, dustart said: Hello Luke i have question why emby not redirect by automatic like clasic web sites does , why when i go to mydomain.com:8096 and if i typed only that it wil go without ssl why not redirect by automatic to ssl it wil redirect only when i click continue .. Or if i opened with https Hi there, how have you configured emby server network settings? Do you use a reverse proxy? 1
dustart 8 Posted March 8 Posted March 8 4 minutes ago, Luke said: Hi there, how have you configured emby server network settings? Do you use a reverse proxy? Added domain from dynu and certificate from Certify. And all works but only this will always open my link with domainname: + port is it posible to open just domain without port and allways to go to https , it will open https if i enter but if i go to directly to domain name it will not redirect to https ...
Luke 39685 Posted March 8 Posted March 8 28 minutes ago, dustart said: Added domain from dynu and certificate from Certify. And all works but only this will always open my link with domainname: + port is it posible to open just domain without port and allways to go to https , it will open https if i enter but if i go to directly to domain name it will not redirect to https ... Is that all you configured in Emby Server network settings? 1
dustart 8 Posted March 8 Posted March 8 2 hours ago, Luke said: Is that all you configured in Emby Server network settings? And option secure conection mode i chosen required for all remote conections. What else i need to configure ?
Luke 39685 Posted March 10 Posted March 10 Quote but if i go to directly to domain name it will not redirect to https What do you mean by this exactly? How are you doing this? 1
dustart 8 Posted March 10 Posted March 10 10 hours ago, Luke said: What do you mean by this exactly? How are you doing this? Nevermind i instaled ngnix proxy menager and only turn on redirection from http to https. Fixed problem for me.. 1 1
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now