Jump to content
Untoten

SSL Integration/Support

Recommended Posts

Untoten

Status:  Initiated Blueprint

  • Luke has investigated this, unclear the progress on universal development.  App devs have not begun dev for this.  Once Luke builds core compatibility it may be 3+ months before app/client SSL adoption.
  • Spread the word!  Let's make it known how many Emby users would love to see this feature!

I have seen scattered, unorganized requests for this that seemed to die, so this will serve to centralize all support for SSL and to track responses/feedback.

 

This is to request Emby support SSL, both app and web client to server.

This would be for Emby Connect setups as well as local user setup.

Current Plan:

Utilize Lets Encrypt (https://letsencrypt.org/) to allow automated endoint encryption.  Luke is currently looking for members that may be able to help automate this at server endpoints.  

Possible Solutions include subdomains for each client (ex. customer.emby.media) or custom domains for each customer such as DyDNS.

 

Reasons for this:

 

What is done:

  • Enhanced SSL support on mobile application

 

What is needed:

  • Core universal SSL support
  • App supported SSL
  • Web-app supported SSL
  • Authentication passed over SSL to allow plaintext passwords
Edited by Untoten
  • Like 8

Share this post


Link to post
Share on other sites
Beardyname

ssl is already available (have been running this for 6+ months or so)

 

Are you asking it to be a built in valid cert? like letsencrypt, or would just like emby connect to implement it and make it valid somehow?

Share this post


Link to post
Share on other sites
Luke

Before we can pursue LDAP, ssl has to work out of the box for all users without any complicated setup, so that's what this thread is about.

  • Like 1

Share this post


Link to post
Share on other sites
Beardyname

gotcha!

  • Like 1

Share this post


Link to post
Share on other sites
Untoten

BUMP!!  Very useful for a lot of features, could allow plaintext auth to be sent as TLS would be existent.

Share this post


Link to post
Share on other sites
Untoten

@@Luke @@ebr

I was told almost 6 months ago this was a top priority, is there any update?  SSL is quite important in this day and age and would open the dorr for many improvements.

Share this post


Link to post
Share on other sites
Untoten

@@Luke @@ebr Updates?  Progress?

Share this post


Link to post
Share on other sites
Untoten

@@Luke @@ebr, remember I will pay considerable cash for this.  We all know SSL is becoming a necessity, especially with recent legislation.

Share this post


Link to post
Share on other sites
chef

Although my coding skill are relatively new regarding web development, certificates. I have some limited understanding on how to use OpenSSL and have worked with LetsEncrypt briefly.

Is there something I can do?

I have a feeling that this is nessessary for some new developments in emby.

  • Like 1

Share this post


Link to post
Share on other sites
Untoten

Although my coding skill are relatively new regarding web development, certificates. I have some limited understanding on how to use OpenSSL and have worked with LetsEncrypt briefly.

Is there something I can do?

I have a feeling that this is nessessary for some new developments in emby.

I would contact @@Luke and @@ebr, they seem to really need assistance with this based upon how long it has been.

 

Maybe this would help as a jumping off point?  https://github.com/DirtyJerz/embyDDNS

 

SSL is really a necessity and I am shocked it has taken this long to be honest.

Share this post


Link to post
Share on other sites
Luke

I would contact @@Luke and @@ebr, they seem to really need assistance with this based upon how long it has been.

 

Maybe this would help as a jumping off point?  https://github.com/DirtyJerz/embyDDNS

 

SSL is really a necessity and I am shocked it has taken this long to be honest.

 

We already support SSL, we just do not obtain a domain for users and therefore a more trusted cert.

Share this post


Link to post
Share on other sites
dcook

@@Untoten what is the issue?  

 

SSL is already supported, just put in your certificate

Share this post


Link to post
Share on other sites
Untoten

@@Untoten what is the issue?  

 

SSL is already supported, just put in your certificate

Not universally.  Not across all applications, so passwords are encrypted on client side.  Meaning SSO and LDAP are not currently possible.  This needs to be deployed universal so the authentication workflow can be altered.

Share this post


Link to post
Share on other sites
Untoten

This is still greatly inhibiting my deployment.  Not only that, but TLS is absolutely necessary for Emby.

Share this post


Link to post
Share on other sites
Untoten

@@Luke @@ebr any updates on progress?

Share this post


Link to post
Share on other sites
ebr

You will definitely hear from us when we have something to report.  Thanks.

Share this post


Link to post
Share on other sites
Untoten

For transparency's sake and community collaboration, do you have a current status of the request?  Perhaps a done/to do list?

EDIT: Grammar

Edited by Untoten

Share this post


Link to post
Share on other sites
Magic815

+1 on this. Sad to see such lack of development on SSL, LDAP, and SSO.

 

Starting to regret the decision to go with Emby Premiere based on how some of the most popular requests take years to be implemented. I'm looking at you, modifiable landing tab.

  • Like 1

Share this post


Link to post
Share on other sites
Untoten

+1 on this. Sad to see such lack of development on SSL, LDAP, and SSO.

 

Starting to regret the decision to go with Emby Premiere based on how some of the most popular requests take years to be implemented. I'm looking at you, modifiable landing tab.

Same, I hate that my requests are passified so often, even for a simple request like transparency.

Share this post


Link to post
Share on other sites
ebr

Same, I hate that my requests are passified so often, even for a simple request like transparency.

 

I'm sorry but we are operating in a highly competitive environment so we are not usually going to publicly expose all of our internal plans or progress.

 

With respect to this particular request - it is possible now to use SSL with Emby.  It just requires a bit of proper configuration and necessary components provided by the user.  To make this any more "plug-and-play" will require us to not only build a new system but also to provide a dynamic DNS service and integrate with other systems properly.  

  • Like 1

Share this post


Link to post
Share on other sites
Untoten

I'm sorry but we are operating in a highly competitive environment so we are not usually going to publicly expose all of our internal plans or progress.

 

With respect to this particular request - it is possible now to use SSL with Emby.  It just requires a bit of proper configuration and necessary components provided by the user.  To make this any more "plug-and-play" will require us to not only build a new system but also to provide a dynamic DNS service and integrate with other systems properly.  

I understand, I did not realize the competition of this market to be honest, that is very helpful to know when making requests, try to see from our perspective too it seemed like you were brushing us off.  I will keep that factor in mind in the future for other requests.

 

I get that it may not be plug and play, I just wish for the option to allow apps to send passwords plaintext so a more universal login system to be used, without SSL, obviously it is a terrible idea.  But now that it is atleast an option, it would be nice to have the ability from the server side to push plaintext passwords.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...