Something like this will do just about right !


saajan4u

chef

It looks like PLEX partnered with Digicert.

If we could get a partner then anything is possible I'm sure.

But, partners always want a cut, so it is really up to the lead developers how to proceed.

 

I know that there must have been some work done on tv.emby.media to enable SSL certs as of late. Alexa skills need that to communicate with server entry points, and we now have Alexa support.

 

So I'm sure that in the near future we will see something like this come to emby.

 

I know that recently emby has enabled password protection on SSL certs, which is new.

 

So I believe that the lead devs do have this sort of thing on the radar, however... With the problems, currently, with some of the players... Such as Xbox one emby theatre... I wonder if we may be waiting a bit.

 

I'm sure it is going to happen... It's just a matter of being patient and waiting for the right partnership.

 

I'm wondering if maybe LetsEncrypt is a viable option.

 

SSL overall (at least to me) seems like a money grab...(wait! Just hear me out...)

 

Instead of making the Internet secure... Companies are going to charge for it... Whether with monetary funds, or your time to enable SSLs every month. Even if it only takes a couple minutes to create a new one.

I dunno... It seems like it is all about a green lock icon in an address bar, and an "s" added to a URL. Lol


  • 1 month later...
Untoten

Yup I have been asking for SSL for over a year now, it's a necessity with something like this, unfortunately it seems to be of low priority for the team :/

@chef, if you think SSL holds no real value except aesthetic, I recommend reading up a bit.

Edited by Untoten

chef

Yup I have been asking for SSL for over a year now, it's a necessity with something like this, unfortunately it seems to be of no concern to the Emby team as LiveTV and many other things are getting frequent precedent.

 

@chef, if you think SSL holds no real value except aesthetic, I recommend reading up a bit.

Hehe... I know it was just a joke. What I meant was: shouldn't everything be secure, if it could be secure?

Why capitalize on something like HTTPS? Shouldn't it just be that way on the Internet for every site?


Untoten

Hehe... I know it was just a joke. What I meant was: shouldn't everything be secure, if it could be secure?

Why capitalize on something like HTTPS? Shouldn't it just be that way on the Internet for every site?

Fair enough lol.  I about crapped my pants seeing a dev say something like that baha


aptalca

Simple enough to use letsencrypt for this. Emby would need to set up a ddns service for its users, but it is doable.

The only problem with letsencrypt for built in emby use is that letsencrypt requires validation through ports 80 or 443 (no custom ports). With upnp, that would not work for folks who already have those ports forwarded on the router. Not an insurmountable challenge, but would create a lot of support requests (plus the whole renewal every 90 days thing)

 

Plex partnered with a cert provider so they are able to customize the process to fit their needs


Tur0k

The only problem with letsencrypt for built in emby use is that letsencrypt requires validation through ports 80 or 443 (no custom ports). With upnp, that would not work for folks who already have those ports forwarded on the router. Not an insurmountable challenge, but would create a lot of support requests (plus the whole renewal every 90 days thing)

 

Plex partnered with a cert provider so they are able to customize the process to fit their needs

My let's encrypt acme client is set up on my pfSense firewall. I have it set up to perform a DNS manual lookup. I added the required txt dns custom records to my public DNS to prove ownership and the rest happens in the background.

 

 


mwongjay

I run duckdns and letsencrypt in docker containers. I then point Emby, and any other service using ssl, at the directory where the ssl cert is stored. I only expose one port on my router for https requests that are forwarded to nginx which is set up as a reverse proxy. All services I run on my server communicate internally over http as I don't have a need for the additional overhead. This is relatively trivial to set up and I personally would rather have it set up in this configuration for a few reasons:

 

1. Security is important, but most people who aren't remotely accessing their server don't need it

2. I'd rather the devs focus on improving/adding features surrounding the core purpose of Emby

3. It's trivial to set up and once you've set it up you don't need to update it. It allows you to easily reuse certs for multiple services without worrying that taking down the Emby service (if you used Emby for certs) would affect other services that depend on those certs.


aptalca

My let's encrypt acme client is set up on my pfSense firewall. I have it set up to perform a DNS manual lookup. I added the required txt dns custom records to my public DNS to prove ownership and the rest happens in the background.

 

 


Don't you have to update the txt records for each renewal?

 

Even if not, ddns providers don't let you add those dns entries


Tur0k

Don't you have to update the txt records for each renewal?

 

Even if not, ddns providers don't let you add those dns entries

Each ssl that I configure takes one txt record. Once I create the record, and so long as I don't force it to recreate the connection (which would cause the acme to require a new txt record for the ssl cert) the same txt record just works.

 

Agreed, most DDNS services don't support the necessary public DNS records to support dns-manual domain ownership confirmation.

 

At home, I am using google domains. I have a second level domain and public DNS for $12. I can create as many subdomains as I want. Google domains' public DNS is a really solid service too. I can create as many DDNS/A+ synthetic public DNS records as I want along with the conventional custom records. My only complaint is that they don't support CAA custom records in their Public DNS yet. Which could mean that I will need to switch in September if they don't work that into their service offering.

 

 


Edited by Tur0k