Jump to content


Photo

Best solution for travelling?

travel apps https ssl

  • Please log in to reply
10 replies to this topic

#1 hijinx OFFLINE  

hijinx

    Member

  • Members
  • 23 posts
  • Local time: 07:47 PM

Posted 28 July 2016 - 08:06 AM

Hi Emby crowd!

 

I have an emby server visible on the internet via SSL/HTTPS only. My server has DDNS so is accessed via URL rather than IP address.

 

I'll be off on a family holiday soon and we're looking to be able to watch our Emby movies on the TV in our destination.

The problem is that I have found that Emby app support for HTTPS seems to be quite patchy...

- iOS works perfectly with HTTPS. I can watch movies from other networks, from 3G/LTE etc no probs... but of course is is not a big screen family experience.

- Samsung TV app works well - family members are able to stream from my Emby server... but I wont be sideloading TV apps on someone elses TV

- Amazon fire stick - not working with HTTPS. It fails when trying to select an HTTPS address

- Emby sideloaded to Now TV box (aka a roku 3) - does not work with HTTPs

- Chromecast - TBC need to test it today

 

One other option is to use the (very pricey) Apple lightning HDMI adapter to watch from iOS app on the TV.

Does anyone know if the Apple lightning HDMI adapter works with Emby app?

Does anyone have any good (well proven) ideas on how to stream Emby via SSL? Which apps/devices will work? What do you guys do?

Note that I have direct access to the wifi network at my travel destination. Its not a hotel wifi with captive portal thank god.

(The amazon fire stick is potentially the holy grail of Emby travel since it supports hotel wifi... but sadly not SSL connections)

 

Big thanks in advance for you inputs!! 


Edited by hijinx, 28 July 2016 - 08:09 AM.


#2 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 134622 posts
  • Local time: 03:47 PM

Posted 28 July 2016 - 01:49 PM

Hi, welcome. Chromecast could be a good solution but you will need a trusted ssl cert for it to your. Or since you mentioned you want something that is big screen friendly, why not try Emby Theater:

 

http://emby.media/co...ws-and-the-web/



#3 shorty1483 OFFLINE  

shorty1483

    Advanced Member

  • Members
  • 1380 posts
  • Local time: 09:47 PM
  • LocationGermany

Posted 28 July 2016 - 04:07 PM

Depending on Samsung model you can just plug in a USB stick with the latest Emby app. When you unplug, the app is gone.



#4 hijinx OFFLINE  

hijinx

    Member

  • Members
  • 23 posts
  • Local time: 07:47 PM

Posted 28 July 2016 - 04:21 PM

Hi, welcome. Chromecast could be a good solution but you will need a trusted ssl cert for it to your. Or since you mentioned you want something that is big screen friendly, why not try Emby Theater:

 

http://emby.media/co...ws-and-the-web/

 

Thanks Luke

The SSL cert is trusted - its a proper cert issued by letsencrypt - and chromecast seems to be working with it.

As final test I'll try running it from my phones personal hotspot rather than hairpin NAT.

Regarding ET, I'll give it a try! (not for travel though as we'll not be lugging pc/laptop with us)

 

Cheers!



#5 hijinx OFFLINE  

hijinx

    Member

  • Members
  • 23 posts
  • Local time: 07:47 PM

Posted 28 July 2016 - 04:22 PM

Depending on Samsung model you can just plug in a USB stick with the latest Emby app. When you unplug, the app is gone.

 

Ah - better than my 2011 model which is barely supported now.

For travel though we're not sure what model TV will be there :(



#6 pir8radio OFFLINE  

pir8radio

    NGINX

  • Members
  • 2876 posts
  • Local time: 02:47 PM
  • LocationChicago

Posted 28 July 2016 - 08:47 PM

Hum, I don't get peoples infatuation with encrypting their emby streams...  I mean I get it for the login info....  But even if you have a completely illegal collection, ISP's are not putting together the stream to see what it is...   They will however grab movie/file names in packets and match those, but emby uses hashed stream names so that is out...  Just for my own curiosity, why do you require an encrypted stream?     I'm not trying to be mean or anything, just curious..           

 

Anyway I would say buy a cheap windows or android stick from ebay, and install your favorite browser on it, use emby that way...

Maybe something like this:  http://www.ebay.com/...zoAAOSwu-BWPCVA

 

Oh erm, oops, just noticed you said chrome cast IS working..  well here is a backup plan lol..


Edited by pir8radio, 28 July 2016 - 08:48 PM.


#7 colejack OFFLINE  

colejack

    Advanced Member

  • Members
  • 81 posts
  • Local time: 03:47 PM

Posted 28 July 2016 - 11:06 PM

Hum, I don't get peoples infatuation with encrypting their emby streams...  I mean I get it for the login info....  But even if you have a completely illegal collection, ISP's are not putting together the stream to see what it is...   They will however grab movie/file names in packets and match those, but emby uses hashed stream names so that is out...  Just for my own curiosity, why do you require an encrypted stream?     I'm not trying to be mean or anything, just curious..           

 

Anyway I would say buy a cheap windows or android stick from ebay, and install your favorite browser on it, use emby that way...

Maybe something like this:  http://www.ebay.com/...zoAAOSwu-BWPCVA

 

Oh erm, oops, just noticed you said chrome cast IS working..  well here is a backup plan lol..

 

I have mine setup with SSL,  but also have plain http for my Windows phone whoes Emby app doesn't support SSL. I guess my only reasoning for SSL with Emby is it makes me feel good, lol. Plus my other outward facing web apps (Guacamole, etc) are SSL encrypted so why not Emby? :)


  • pir8radio likes this

#8 hijinx OFFLINE  

hijinx

    Member

  • Members
  • 23 posts
  • Local time: 07:47 PM

Posted 29 July 2016 - 05:36 AM

I have mine setup with SSL,  but also have plain http for my Windows phone whoes Emby app doesn't support SSL. I guess my only reasoning for SSL with Emby is it makes me feel good, lol. Plus my other outward facing web apps (Guacamole, etc) are SSL encrypted so why not Emby? :)

 

My reasons for using SSL were:

1) When using public wifi I dont want any data or metadata in the request/responses to/from emby to be visible to unknown persons. I dont know what is/is not sent, but why take a risk when its easy to configure SSL?

2) Assuming someone was able to sniff login passwords and gain entry to my emby server, at the very least they could maliciously trash emby config, delete media etc, and possibly gain access outside of emby.

 

Maybe you might think its a little paranoid (I dont tbh), but my preference would be that every site I connect to supports SSL/HTTPS.

 

Its not about obscuring content from anybody.


  • pir8radio likes this

#9 pir8radio OFFLINE  

pir8radio

    NGINX

  • Members
  • 2876 posts
  • Local time: 02:47 PM
  • LocationChicago

Posted 29 July 2016 - 07:47 AM

Ok good to know, I was just curious...    I know where I work we intercept all traffic including SSL, TLS etc decrypt DPI it then re-encrypt it..   Of course there are some caveats there..   But just imagine what the government can do..   :ph34r:     

 

Here is a similar device to what we use to intercept the SSL traffic:  https://www.bluecoat...65-aa7e4dc7e471

• Detection of all SSL traffic, irrespective of destination port value (application), using deep packet inspection techniques

• Provides the clear text of any SSL flow, including HTTPS, SPDY, POP3, IMAP, SMTP, FTP and other protocols that use SSL/TLS.

 

Interesting reading....   I guess I look at security like a door to your house...  You lock it and "feel good" but I can kick that thing down, or go right through a window...  


Edited by pir8radio, 29 July 2016 - 07:57 AM.


#10 hijinx OFFLINE  

hijinx

    Member

  • Members
  • 23 posts
  • Local time: 07:47 PM

Posted 29 July 2016 - 08:09 AM

Its an interesting read - thanks

I assume that it's a proxy based solution, where clients have to use the the proxy to access the internet, and the proxy also deals with SSL interception and re-encryption, assures trust with the client etc.

 

more googling ....

http://www.zdnet.com...-and-break-ssl/

From this comment seems like you also need to pre-install the proxy cert on client "If your company has set up the proxy correctly you won't know anything is off because they'll have arranged to have the proxy's internal SSL certificate registered on your machine as a valid certificate."

 

I dont doubt that an organisation with enough resources and or planning can intercept, but for me it's enough.

Back to the door analogy, I feel happier having locked the front door than leaving it wide open. I know that I dont live in fort knox, but that there is enough security to prevent a casual thief.

 

Its also about the right balance between security and convenience.

I also have an openvpn server that for sure gives additional security, but its not so convenient to have to VPN in to watch movies.

Fine for a laptop or iOS device with OpenVPN client... not so for other apps.



#11 legallink OFFLINE  

legallink

    Advanced Member

  • Alpha Testers
  • 1206 posts
  • Local time: 03:47 PM

Posted 29 July 2016 - 10:22 AM

So, it's more expensive than the HDMI connector, but I use the Apple TV app and take an extra one with me whenever I travel.







Also tagged with one or more of these keywords: travel, apps, https, ssl

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users