Jump to content

SSL and Security Quality


pir8radio

Recommended Posts

CBers

Perhaps put up a post in the General forum and I'll pin it?

 

Then people can be directed to it.

 

Just a suggestion.

Link to comment
Share on other sites

Guest asrequested

well it negates the need for a VPN or allows you to have a second way to access what you need.

 

you only have to have the default ports open on your router, so in my case only port 443. i can then close all the other ports to emby, plex, sonarr, radarr, etc etc. better security. it allows you to run your own certs more effectively and add additional security. if you have multiple boxes on your LAN, you only have to have one that is web fronted. all the others can hide behind it on your LAN.

 

So your ISP can't see what you're doing and you can't be traced? 

Link to comment
Share on other sites

pir8radio

So your ISP can't see what you're doing and you can't be traced? 

 

No.   A reverse proxy is more like a movie theater ticket collector.. You give them your ticket with what you are there to see, and they guide you to the proper theater, all through one movie theater entrance, rather than an outside door to every movie theater (not secure, and a pain to manage)...  lol     The reverse proxy reads the tickets (http headers) and directs you to the correct application or backend server through one main port that you open on your firewall..   

 

Anyways what are you doing, steeling government secrets?  HTTPS will hide what you are doing well enough for emby..   Now torrents, I would use a vpn.

Edited by pir8radio
Link to comment
Share on other sites

Guest asrequested

Anyways what are you doing, steeling government secrets?  HTTPS will hide what you are doing well enough for emby..   Now torrents, I would use a vpn.

 

Shhhh.....they're listening  :ph34r:  :blink:

 

 

No.   A reverse proxy is more like a movie theater ticket collector.. You give them your ticket with what you are there to see, and they guide you to the proper theater, all through one movie theater entrance, rather than an outside door to every movie theater (not secure, and a pain to manage)...  lol     The reverse proxy reads the tickets (http headers) and directs you to the correct application or backend server through one main port that you open on your firewall..   

 

Meh! No use to me. My system is just a big and expensive toy. If I get hacked, I'll have fun wiping and rebuilding, maybe with a reverse proxy :D  

Link to comment
Share on other sites

The next release of Emby Server will allow you to configure a password for your SSL cert, for those of you who might need that.

  • Like 1
Link to comment
Share on other sites

Swynol

Perhaps put up a post in the General forum and I'll pin it?

 

Then people can be directed to it.

 

Just a suggestion.

ok i will get to work on creating a 'How to'. should i put it in General Discussion or General/Windows Server?

 

i'm sure @@pir8radio and @@shorty1483 can help guide people in best practices. 

Edited by Swynol
  • Like 1
Link to comment
Share on other sites

CBers

ok i will get to work on creating a 'How to'. should i put it in General Discussion or General/Windows Server?

 

i'm sure @@pir8radio and @@shorty1483 can help guide people in best practices.

I've pinned the post.

Link to comment
Share on other sites

chef

No. A reverse proxy is more like a movie theater ticket collector.. You give them your ticket with what you are there to see, and they guide you to the proper theater, all through one movie theater entrance, rather than an outside door to every movie theater (not secure, and a pain to manage)... lol The reverse proxy reads the tickets (http headers) and directs you to the correct application or backend server through one main port that you open on your firewall.. .

I like this analogy... Well done.

 

When ever I run these tests against my domain, besides getting an "F" rating, it also shows my public IP address. This leads me to believe that that might be more of a security risk then what's happening with my SSL.

 

This there a way of masking that IP?

Edited by chef
Link to comment
Share on other sites

pir8radio

I like this analogy... Well done.

 

When ever I run these tests against my domain, besides getting an "F" rating, it also shows my public IP address. This leads me to believe that that might be more of a security risk then what's happening with my SSL.

 

This there a way of masking that IP?

 

The only way to mask your IP, that's free and works well and is not a VPN, is to use Cloudflare.com    They run nginx as a reverse proxy, but because its on their servers, their public IP's get exposed not yours, In this scenario all of their customers (you) are the "back-end servers".  I use cloudflare, if setup correctly, and you registrar is set to hide owner info, you can be pretty hidden..    Some of the most shady sites use cloudflare, like thepiratebay as well as legit .gov sites.  

Link to comment
Share on other sites

Swynol

unfortunately no way of hiding your IP otherwise your domain name wouldnt know where to go. If your on a dynamic IP its less of an issue, if you start getting DDOS you can reboot the router and get a new IP. 

 

Cloudflare is your best bet as pir8radio says. i used it in the past but havent looked at it since running NGINX.

  • Like 1
Link to comment
Share on other sites

Swynol

was looking for this thread earlier.

 

https://emby.media/community/index.php?/topic/44085-cloudflare-other-proxy-support/

 

it was started by pir8radio. he has come up with a solution in which you can use cloudflare to hide your IP and deliver the static content. then have a direct connection to server video and audio.

 

limitation is on a free account you can only have 2 firewall rules, so you have to decide to either server video/audio over http or https not both. also its limiting if you have other services running through cloudflare in which you want to do something similar.

Link to comment
Share on other sites

shorty1483

I like this analogy... Well done.

 

When ever I run these tests against my domain, besides getting an "F" rating, it also shows my public IP address. This leads me to believe that that might be more of a security risk then what's happening with my SSL.

 

This there a way of masking that IP?

 

Erm, everyone is able to do a nslookup command with your domain name if you do not use a CDN like Cloudflare.. So everyone who knows your domain name also can watch your IP if he's interested. But knowing an IP is just the smallest part.

Edited by shorty1483
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...