CBers 6882 Posted May 11, 2017 Share Posted May 11, 2017 Perhaps put up a post in the General forum and I'll pin it? Then people can be directed to it. Just a suggestion. Link to comment Share on other sites More sharing options...
Guest asrequested Posted May 12, 2017 Share Posted May 12, 2017 well it negates the need for a VPN or allows you to have a second way to access what you need. you only have to have the default ports open on your router, so in my case only port 443. i can then close all the other ports to emby, plex, sonarr, radarr, etc etc. better security. it allows you to run your own certs more effectively and add additional security. if you have multiple boxes on your LAN, you only have to have one that is web fronted. all the others can hide behind it on your LAN. So your ISP can't see what you're doing and you can't be traced? Link to comment Share on other sites More sharing options...
pir8radio 1301 Posted May 12, 2017 Author Share Posted May 12, 2017 (edited) So your ISP can't see what you're doing and you can't be traced? No. A reverse proxy is more like a movie theater ticket collector.. You give them your ticket with what you are there to see, and they guide you to the proper theater, all through one movie theater entrance, rather than an outside door to every movie theater (not secure, and a pain to manage)... lol The reverse proxy reads the tickets (http headers) and directs you to the correct application or backend server through one main port that you open on your firewall.. Anyways what are you doing, steeling government secrets? HTTPS will hide what you are doing well enough for emby.. Now torrents, I would use a vpn. Edited May 12, 2017 by pir8radio Link to comment Share on other sites More sharing options...
Guest asrequested Posted May 12, 2017 Share Posted May 12, 2017 Anyways what are you doing, steeling government secrets? HTTPS will hide what you are doing well enough for emby.. Now torrents, I would use a vpn. Shhhh.....they're listening No. A reverse proxy is more like a movie theater ticket collector.. You give them your ticket with what you are there to see, and they guide you to the proper theater, all through one movie theater entrance, rather than an outside door to every movie theater (not secure, and a pain to manage)... lol The reverse proxy reads the tickets (http headers) and directs you to the correct application or backend server through one main port that you open on your firewall.. Meh! No use to me. My system is just a big and expensive toy. If I get hacked, I'll have fun wiping and rebuilding, maybe with a reverse proxy Link to comment Share on other sites More sharing options...
Luke 37994 Posted May 12, 2017 Share Posted May 12, 2017 The next release of Emby Server will allow you to configure a password for your SSL cert, for those of you who might need that. 1 Link to comment Share on other sites More sharing options...
Swynol 375 Posted May 12, 2017 Share Posted May 12, 2017 (edited) Perhaps put up a post in the General forum and I'll pin it? Then people can be directed to it. Just a suggestion. ok i will get to work on creating a 'How to'. should i put it in General Discussion or General/Windows Server? i'm sure @@pir8radio and @@shorty1483 can help guide people in best practices. Edited May 12, 2017 by Swynol 1 Link to comment Share on other sites More sharing options...
CBers 6882 Posted May 12, 2017 Share Posted May 12, 2017 ok i will get to work on creating a 'How to'. should i put it in General Discussion or General/Windows Server? i'm sure @@pir8radio and @@shorty1483 can help guide people in best practices. I've pinned the post. Link to comment Share on other sites More sharing options...
Swynol 375 Posted May 12, 2017 Share Posted May 12, 2017 thanks @@CBers sorry its such a long post, hopefully it makes sense. Link to comment Share on other sites More sharing options...
CBers 6882 Posted May 12, 2017 Share Posted May 12, 2017 thanks @@CBers sorry its such a long post, hopefully it makes sense. It might take a few reads Link to comment Share on other sites More sharing options...
chef 3763 Posted May 12, 2017 Share Posted May 12, 2017 (edited) No. A reverse proxy is more like a movie theater ticket collector.. You give them your ticket with what you are there to see, and they guide you to the proper theater, all through one movie theater entrance, rather than an outside door to every movie theater (not secure, and a pain to manage)... lol The reverse proxy reads the tickets (http headers) and directs you to the correct application or backend server through one main port that you open on your firewall.. .I like this analogy... Well done. When ever I run these tests against my domain, besides getting an "F" rating, it also shows my public IP address. This leads me to believe that that might be more of a security risk then what's happening with my SSL. This there a way of masking that IP? Edited May 12, 2017 by chef Link to comment Share on other sites More sharing options...
pir8radio 1301 Posted May 12, 2017 Author Share Posted May 12, 2017 I like this analogy... Well done. When ever I run these tests against my domain, besides getting an "F" rating, it also shows my public IP address. This leads me to believe that that might be more of a security risk then what's happening with my SSL. This there a way of masking that IP? The only way to mask your IP, that's free and works well and is not a VPN, is to use Cloudflare.com They run nginx as a reverse proxy, but because its on their servers, their public IP's get exposed not yours, In this scenario all of their customers (you) are the "back-end servers". I use cloudflare, if setup correctly, and you registrar is set to hide owner info, you can be pretty hidden.. Some of the most shady sites use cloudflare, like thepiratebay as well as legit .gov sites. Link to comment Share on other sites More sharing options...
Swynol 375 Posted May 12, 2017 Share Posted May 12, 2017 unfortunately no way of hiding your IP otherwise your domain name wouldnt know where to go. If your on a dynamic IP its less of an issue, if you start getting DDOS you can reboot the router and get a new IP. Cloudflare is your best bet as pir8radio says. i used it in the past but havent looked at it since running NGINX. 1 Link to comment Share on other sites More sharing options...
Swynol 375 Posted May 12, 2017 Share Posted May 12, 2017 was looking for this thread earlier. https://emby.media/community/index.php?/topic/44085-cloudflare-other-proxy-support/ it was started by pir8radio. he has come up with a solution in which you can use cloudflare to hide your IP and deliver the static content. then have a direct connection to server video and audio. limitation is on a free account you can only have 2 firewall rules, so you have to decide to either server video/audio over http or https not both. also its limiting if you have other services running through cloudflare in which you want to do something similar. Link to comment Share on other sites More sharing options...
shorty1483 477 Posted May 12, 2017 Share Posted May 12, 2017 (edited) I like this analogy... Well done. When ever I run these tests against my domain, besides getting an "F" rating, it also shows my public IP address. This leads me to believe that that might be more of a security risk then what's happening with my SSL. This there a way of masking that IP? Erm, everyone is able to do a nslookup command with your domain name if you do not use a CDN like Cloudflare.. So everyone who knows your domain name also can watch your IP if he's interested. But knowing an IP is just the smallest part. Edited May 12, 2017 by shorty1483 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now