Jump to content
FordGT90Concept

ANSWERED Local versus External in terms of Users

Recommended Posts

FordGT90Concept

Definitions:
Local refers to HTTP/unsecure
External refers to HTTPS/secure

 

For local use, I really see no reason to use passwords but for external use, passwords are critical to prevent anonymous access (only want a handful of people to access it, not the ~7 billion people on the planet).

 

What I expected going into this is that only Emby Connect enabled accounts would show up through HTTPS and they would require the Emby Connect credentials to log in.

 

What I got was the same as HTTP: click a name and you're in.

 

 

So, what does Emby support now in terms restricting access to the world other than NAT routers and requiring all users to have password?  If I have it about right, then consider this a feature request (probably should move it to Feature Request forum).

Edited by FordGT90Concept

Share this post


Link to post
Share on other sites
Happy2Play

Local is all connections inside your home network and external are all WAN connections HTTP and HTTPS are doesn't matter.

 

 

Is there a reason to use Connect on a local network, I see no reason to and enable Easy Pin Access with no pin for local access with no password.

 

I guess it really depends on how you set your users up.   Guests or Users

Edited by Happy2Play

Share this post


Link to post
Share on other sites
FordGT90Concept

I don't really need to use Emby Connect at all because there's a domain name pointing at my IP.

 

Right now, all users are configured as Users.  I guess I don't really understand the difference between Guest and User.  I would assume that Guest would be someone that is more or less anonymous.

 

 

I think what is confusing me is that in the Dashboard, it shows local and external as I described in the OP.  Local uses HTTP and external uses HTTPS.  I have HTTPS forwarded through my NAT router but not HTTP. I am getting "Connection failure" through Emby Connect when I try to use it.  I can access the https:// link (the domain name) that appears in the Dashboard.  Does Emby Connect use HTTP port?  Why would I want to/should I forward HTTPs when it is clear HTTPS should be used for external?

 

 

Everything is so confusing/unexpected. :(

Edited by FordGT90Concept

Share this post


Link to post
Share on other sites
Luke

If the dashboard shows a given URL as external why would you think emby connect would use something different?

Share this post


Link to post
Share on other sites
FordGT90Concept

So Emby Connect uses 8920 TCP?  Any idea why it is giving "Connection failure" then when trying to access the server via app.emby.media?  https://domain:8920 works to access it.

 

Kind of off topic but eventually would create a separate thread about that anyway.

Edited by FordGT90Concept

Share this post


Link to post
Share on other sites
zigzagtshirt

@@FordGT90Concept

 

See this guide to set up https properly with an SSL certificate and your domain.

 

https://emby.media/community/index.php?/topic/44757-setting-up-ssl-for-emby-wip/

 

The guide should get you through it.  I did have a hang up near the end that appeared to be unique to me.  Post on that thread if you need help.

Edited by tsherran

Share this post


Link to post
Share on other sites
Luke

So Emby Connect uses 8920 TCP?  Any idea why it is giving "Connection failure" then when trying to access the server via app.emby.media?  https://domain:8920 works to access it.

 

Kind of off topic but eventually would create a separate thread about that anyway.

 

if you used http://app.emby.media then you need to switch to the ssl version, https://app.emby.media

Share this post


Link to post
Share on other sites
FordGT90Concept

@@FordGT90Concept

 

See this guide to set up https properly with an SSL certificate and your domain.

 

https://emby.media/community/index.php?/topic/44757-setting-up-ssl-for-emby-wip/

 

The guide should get you through it.  I did have a hang up near the end that appeared to be unique to me.  Post on that thread if you need help.

 

I do get an SSL certificate error but ignoring the error, the website works.  Can not having an SSL certificate cause Emby Connect to break?

 

if you used http://app.emby.media then you need to switch to the ssl version, https://app.emby.media

I've tried HTTPS and HTTP paths to log in. Both give:

Connection Failure

We're unable to connect to the selected server right now. Please ensure it is running and try again.

Share this post


Link to post
Share on other sites
zigzagtshirt

@@FordGT90Concept

 

Personally I never got Emby Connect to work when I was using https.  It would only connect on http.

 

Haven't tried it yet since I set up my SSL certificate.  I'll test that soon.

 

Make sure you try Luke's suggestion above.

Share this post


Link to post
Share on other sites
Luke

@@FordGT90Concept

 

Personally I never got Emby Connect to work when I was using https.  It would only connect on http.

 

Haven't tried it yet since I set up my SSL certificate.  I'll test that soon.

 

Make sure you try Luke's suggestion above.

 

Most likely due to the browser rejecting the cert.

Share this post


Link to post
Share on other sites
FordGT90Concept

Under normal circumstances, Emby Connect should be the same as https://domain:8920 right? Does it really serve any purpose if access already is not a problem? It would be nice if the error message gave a reason for connection failure. SSL cert rejection would be a handy thing to know.

 

If Emby Connect's only purpose is to simplify access then should probably shift focus back to the original post question/concern of user access. Security when exposed to the world wide web needs to be magnitudes greater than security for intranet traffic. I don't understand how to make it so or if it is even possible.

Edited by FordGT90Concept

Share this post


Link to post
Share on other sites
Luke

You can assign passwords to users in the Emby Server dashboard.

Share this post


Link to post
Share on other sites
FordGT90Concept

I saw that but then it requires password for internet and intranet (192.168.0.#) then, correct?

Share this post


Link to post
Share on other sites
Luke

I would suggest going back to the change password screen, and reading all of the options that are presented on the screen.

  • Like 1

Share this post


Link to post
Share on other sites
FordGT90Concept

Ah, if looking to improve/prevent question from being asked in the future, I would recommend graying out/locking the UI elements on the password tab instead of hiding them.

 

 

Is there a way to hide all accounts outside the network that don't have passwords?

Edited by FordGT90Concept

Share this post


Link to post
Share on other sites
Luke

You can look at the option to hide a user from login screens.

Share this post


Link to post
Share on other sites
FordGT90Concept

All I see is:

Hide this user from login screens

 

 

Useful for private or hidden administrator accounts. The user will need to sign in manually by entering their username and password.

No option to "Hide this user from external login screens?" Actually I think the opposite should be the case: if no password set, account hidden from external. I would expect to check a box to unhide it on external with a warning that everyone with internet access will be able to access this. Edited by FordGT90Concept

Share this post


Link to post
Share on other sites
Luke

just hide from login screens is what we have right now.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...