HTTPS Support

[BC101 31]

Yup and it will need to be called out for users of the ATV plugin, that it must run on port 80/443 (unless you throw a proxy infront somewhere)

Edited January 9, 2014 by BC101

[Luke 37251]

We'll have https, not to worry.

[Beardyname 195]

@@Luke sweeps in and saves the day!

[Koleckai Silvestri 1150]

Only kind of public roadmap is here: https://github.com/MediaBrowser/MediaBrowser/issues?labels=&milestone=&page=1&state=open

 

Doesn't really specify timeframes though.

[pünktchen 1261]

Well it only took Plex 4 years to implement it and they have made millions on their apps and subscriptions.

But it took only 1 year for WebMediaPortal the webservice of MediaPortal which is developed mostly by 1 Person Edited April 11, 2014 by pünktchen

[pünktchen 1261]

We'll have https, not to worry.

Any ETA on this?

 

Btw. is there any roadmap or issue tracker for mediabrowser development?

[Deihmos 147]

It looks like Plex offers https support. http://elan.plexapp.com/2013/08/12/plex-media-server-0-9-8-4-public-release/

Well it only took Plex 4 years to implement it and they have made millions on their apps and subscriptions.

Edited April 11, 2014 by Deihmos

[altramarine 21]

Patiently praying for this to realize!

+1

[altramarine 21]

Thanks, good to know.

[Menissalt 13]

We'll have https, not to worry.

 

 

This will be a good thing when we get it. I'm really loving the devs and the community here.

[Luke 37251]

I'm glad to hear that. If you guys can help us find some more developers that I can offload these tasks to, then you can see these things realized a little faster

[altramarine 21]

Hi there,

Would Tor Browser offer any sort of security till MB HTTPS is available?

Sorry, I am not 100% sure how it works but I though it was interesting.

 

Thanks,

[Koleckai Silvestri 1150]

Hi there,

Would Tor Browser offer any sort of security till MB HTTPS is available?

Sorry, I am not 100% sure how it works but I though it was interesting.

 

Thanks,

 

No... Server determines the security and you cannot use Tor Browser to connect with MediaBrowser Apps.

 

If you use TOR to access an insecure server, the connection is insecure.

Edited May 27, 2014 by Wayne Luke

[altramarine 21]

Wish i had some programming skills to help out. It's been 10 or so years since i studied C, C++.

[motey 2]

As a simple workaround while waiting for https, you could use an apache(or iis, any webserver, vm with a webserver or whatever you like) as an proxy.

You deny mediabrowser to communicate to the internet (switch off nat for port 8096 on your router) and configure your apache to proxy your Mediabrowser webinterface in https.

A simple example Apache conf could look like this:

<IfModule mod_ssl.c>
<VirtualHost *:443>
        HostnameLookups Off
        ServerName      webserver:443
        SSLEngine on
        SSLCertificateFile      /etc/apache2/ssl/apache.crt
        SSLCertificateKeyFile   /etc/apache2/ssl/apache.key

        ErrorLog        /var/log/www/proxy/error.log
        <Proxy *>
                AddDefaultCharset off
                Order allow,deny
                Allow from all
        </Proxy>

        ProxyRequests Off
        ProxyPass / http://mbserver:8096/
        ProxyPassReverse / http://mbserver:8096/
</VirtualHost>
</IfModule>

Then you can just simply NAT the webserver outside on port 443.

et voila, you have https

[motey 2]

As a simple workaround while waiting for https, you could use an apache(or iis, any webserver, vm with a webserver or whatever you like) as an proxy.

You deny mediabrowser to communicate to the internet (switch off nat for port 8096 on your router) and configure your apache to proxy your Mediabrowser webinterface in https.

A simple example Apache conf could look like this:

<IfModule mod_ssl.c>
<VirtualHost *:443>
        HostnameLookups Off
        ServerName      webserver:443
        SSLEngine on
        SSLCertificateFile      /etc/apache2/ssl/apache.crt
        SSLCertificateKeyFile   /etc/apache2/ssl/apache.key

        ErrorLog        /var/log/www/proxy/error.log
        <Proxy *>
                AddDefaultCharset off
                Order allow,deny
                Allow from all
        </Proxy>

        ProxyRequests Off
        ProxyPass / http://mbserver:8096/
        ProxyPassReverse / http://mbserver:8096/
</VirtualHost>
</IfModule>

Then you can just simply NAT the webserver outside on port 443.

et voila, you have https

Ok, tested this. It doesnt work. You also have to proxy the websocket port. Apache is not able to do this. There are only some beta mods for apache to proxy websockets. But nothing that is wokring out of the box (http://serverfault.com/questions/290121/configuring-apache2-to-proxy-websocket) But with nginx this should work.

I will report back here when i have found a working solution.

[nabsboss 2]

Hi guys !

 

Any fresh news for https ?

[nabsboss 2]

i understand and you're right Luke !

 

Hi gyus, be contributors please !!!!!

[nabsboss 2]

I don't find the websocket number port ! What it is ?

 

thanks

[Koleckai Silvestri 1150]

It is only needed on Windows 7. Windows 8 handles it automatically. 

 

If you're using Windows 7, the default web socket port is 8945.

[nabsboss 2]

thks

[Luke 37251]

It's on the roadmap.

 

By the way, we love it when new contributors get proactive and decide to help us.

[mbnwa 49]

UPDATE: It seems if you log out of the iPad app (maybe others) you can not log back in the Web GUI seems to work just fine however App's do not seem to like the redirect for the auth token even though it would seem it works if you have the device registered before making the change. I am not sure this is something that can be resolved with out app developers help and seeing this is not an official fix I doubt that will happen.

 

What I have done is the following:

Reconfigure Media Browser Server to listen on 8095 and setup NginX to listen on 8096 redirecting all traffic that comes in as http ==> https (seems to work with all clients I have tested after the initial request is made via http) (I have a 3rd party SSL cert - I am using NameCheap for 9.95yr)

 

Install NginX from nginx/Windows-1.7.6 to c:\ and added a directory inside the NginX folder called ssl

 

take the below config and overwrite NginX/conf/nginx.conf

 

Create a self signed ssl cert or get a 3rd party SSL cert (Self Signed certs may not work with 3rd party clients due to the SSL warning that would be presented) and place into the NginX/ssl directory and update the config with the CRT and KEY names accordingly.

 

Start NginX

 

Config:

#user  nobody;

worker_processes  4;

 

#error_log  logs/error.log;

#error_log  logs/error.log  notice;

#error_log  logs/error.log  info;

 

#pid        logs/nginx.pid;

 

 

events {

    worker_connections  1024;

}

 

http {

 

types_hash_max_size 2048;

client_header_buffer_size 16k;

client_max_body_size 64m;

large_client_header_buffers 12 16k;

client_body_buffer_size 1024k;

 

tcp_nopush on;

keepalive_timeout 15;

tcp_nodelay on;

 

server {

        listen 8096  ssl;

        ssl_certificate /nginx-1.7.6/ssl/ssl_cert.crt;

        ssl_certificate_key /nginx-1.7.6/ssl/ss_cert_key.key;

 

 

        error_page 497  https://$host:$server_port$request_uri;

        location /{

            proxy_pass http://localhost:8095;

            proxy_redirect off;

            proxy_set_header Host $host:$server_port;

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            proxy_set_header X-Forwarded-Ssl on;

        }

}

 

}

Edited October 12, 2014 by mbnwa