Jump to content

SSL Integration/Support


Untoten

Recommended Posts

Untoten

Status:  Initiated Blueprint

  • Luke has investigated this, unclear the progress on universal development.  App devs have not begun dev for this.  Once Luke builds core compatibility it may be 3+ months before app/client SSL adoption.
  • Spread the word!  Let's make it known how many Emby users would love to see this feature!

I have seen scattered, unorganized requests for this that seemed to die, so this will serve to centralize all support for SSL and to track responses/feedback.

 

This is to request Emby support SSL, both app and web client to server.

This would be for Emby Connect setups as well as local user setup.

Current Plan:

Utilize Lets Encrypt (https://letsencrypt.org/) to allow automated endoint encryption.  Luke is currently looking for members that may be able to help automate this at server endpoints.  

Possible Solutions include subdomains for each client (ex. customer.emby.media) or custom domains for each customer such as DyDNS.

 

Reasons for this:

 

What is done:

  • Enhanced SSL support on mobile application

 

What is needed:

  • Core universal SSL support
  • App supported SSL
  • Web-app supported SSL
  • Authentication passed over SSL to allow plaintext passwords
Edited by Untoten
  • Like 8
Link to comment
Share on other sites

Beardyname

ssl is already available (have been running this for 6+ months or so)

 

Are you asking it to be a built in valid cert? like letsencrypt, or would just like emby connect to implement it and make it valid somehow?

Link to comment
Share on other sites

Before we can pursue LDAP, ssl has to work out of the box for all users without any complicated setup, so that's what this thread is about.

  • Like 1
Link to comment
Share on other sites

  • 5 months later...
  • 2 months later...
Untoten

@@Luke @@ebr

I was told almost 6 months ago this was a top priority, is there any update?  SSL is quite important in this day and age and would open the dorr for many improvements.

Link to comment
Share on other sites

  • 2 weeks later...
  • 2 weeks later...
  • 2 months later...
chef

Although my coding skill are relatively new regarding web development, certificates. I have some limited understanding on how to use OpenSSL and have worked with LetsEncrypt briefly.

Is there something I can do?

I have a feeling that this is nessessary for some new developments in emby.

  • Like 1
Link to comment
Share on other sites

Untoten

Although my coding skill are relatively new regarding web development, certificates. I have some limited understanding on how to use OpenSSL and have worked with LetsEncrypt briefly.

Is there something I can do?

I have a feeling that this is nessessary for some new developments in emby.

I would contact @@Luke and @@ebr, they seem to really need assistance with this based upon how long it has been.

 

Maybe this would help as a jumping off point?  https://github.com/DirtyJerz/embyDDNS

 

SSL is really a necessity and I am shocked it has taken this long to be honest.

Link to comment
Share on other sites

I would contact @@Luke and @@ebr, they seem to really need assistance with this based upon how long it has been.

 

Maybe this would help as a jumping off point?  https://github.com/DirtyJerz/embyDDNS

 

SSL is really a necessity and I am shocked it has taken this long to be honest.

 

We already support SSL, we just do not obtain a domain for users and therefore a more trusted cert.

Link to comment
Share on other sites

Untoten

@@Untoten what is the issue?  

 

SSL is already supported, just put in your certificate

Not universally.  Not across all applications, so passwords are encrypted on client side.  Meaning SSO and LDAP are not currently possible.  This needs to be deployed universal so the authentication workflow can be altered.

Link to comment
Share on other sites

  • 4 weeks later...
Untoten

This is still greatly inhibiting my deployment.  Not only that, but TLS is absolutely necessary for Emby.

Link to comment
Share on other sites

  • 1 month later...

You will definitely hear from us when we have something to report.  Thanks.

Link to comment
Share on other sites

Untoten

For transparency's sake and community collaboration, do you have a current status of the request?  Perhaps a done/to do list?

EDIT: Grammar

Edited by Untoten
Link to comment
Share on other sites

Magic815

+1 on this. Sad to see such lack of development on SSL, LDAP, and SSO.

 

Starting to regret the decision to go with Emby Premiere based on how some of the most popular requests take years to be implemented. I'm looking at you, modifiable landing tab.

  • Like 1
Link to comment
Share on other sites

Untoten

+1 on this. Sad to see such lack of development on SSL, LDAP, and SSO.

 

Starting to regret the decision to go with Emby Premiere based on how some of the most popular requests take years to be implemented. I'm looking at you, modifiable landing tab.

Same, I hate that my requests are passified so often, even for a simple request like transparency.

Link to comment
Share on other sites

Same, I hate that my requests are passified so often, even for a simple request like transparency.

 

I'm sorry but we are operating in a highly competitive environment so we are not usually going to publicly expose all of our internal plans or progress.

 

With respect to this particular request - it is possible now to use SSL with Emby.  It just requires a bit of proper configuration and necessary components provided by the user.  To make this any more "plug-and-play" will require us to not only build a new system but also to provide a dynamic DNS service and integrate with other systems properly.  

  • Like 1
Link to comment
Share on other sites

Untoten

I'm sorry but we are operating in a highly competitive environment so we are not usually going to publicly expose all of our internal plans or progress.

 

With respect to this particular request - it is possible now to use SSL with Emby.  It just requires a bit of proper configuration and necessary components provided by the user.  To make this any more "plug-and-play" will require us to not only build a new system but also to provide a dynamic DNS service and integrate with other systems properly.  

I understand, I did not realize the competition of this market to be honest, that is very helpful to know when making requests, try to see from our perspective too it seemed like you were brushing us off.  I will keep that factor in mind in the future for other requests.

 

I get that it may not be plug and play, I just wish for the option to allow apps to send passwords plaintext so a more universal login system to be used, without SSL, obviously it is a terrible idea.  But now that it is atleast an option, it would be nice to have the ability from the server side to push plaintext passwords.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...