Jump to content

Security 101: Secure Connections

regid

By regid
in General/Windows

 Share

Recommended Posts

Luke Emby Team

Luke 40067

Posted
Posted
6 minutes ago, nahtay said:

Well Plex has it. 

Hi, but don't you want a personal media server and not one that puts your information into the cloud?

KMBanana

KMBanana 109

Posted
Posted

Some kind of certbot/letsencrypt/acme integration to get and pull a free SSL cert could conceivably be implemented, I do think it would be nice for less tech savvy users.  It still would require owning a domain, or having the user register with a 3rd party service like duckdns.  

 

Something well outside the scope of Emby's team that conceptually could be done is integrate a ddns type service into Emby.

Some setting or plugin on Emby is set up, it basically phones into Emby and tells it "I want to use <bazinga43> and am remotely connectable at <WAN IP ADDRESS> and here is my Emby premiere license."

Emby on their end makes an A record entry for something like bazinga43>.emby.media to the server WAN IP address, and the server then uses that to pull a free letsencrypt cert.  

nahtay

nahtay 3

Posted
Posted

I dont want me media in the cloud, just be able to securely remotely access it not via http. 

Happy2Play

Happy2Play 9441

Posted
Posted
Just now, nahtay said:

I dont want me media in the cloud, just be able to securely remotely access it not via http. 

But per your comment using Plex you are allowing them access to your media or at least them seeing absolutely everything you do through their servers.

nahtay

nahtay 3

Posted
Posted

Well that shows my lack of understanding I guess. I thought it was encrypted. 

Q-Droid

Q-Droid 880

Posted
Posted
34 minutes ago, nahtay said:

Well that shows my lack of understanding I guess. I thought it was encrypted. 

Plex can do what they do because they own the domains used to "give" you HTTPS. They also make you give them a login name and the login name for all of your users. This is what @Luke means when he asks if you'd rather have a personal media server that you control fully as well as your access details.

 

nahtay

nahtay 3

Posted
Posted

I would but am struggling to know how to get https working on emby. 

vaise

vaise 331

Posted
Posted
6 minutes ago, nahtay said:

I would but am struggling to know how to get https working on emby. 

If you are every planning on hosting more than just emby in your home, maybe you should instead look at running a reverse proxy on your home system (nginx, caddy) and that goes between the internet and your services - and that does the SSL for you and automates updates of it.  Then in emby, you just tick the box that says 'handled by reverse proxy'.  Its no longer an 'emby' thing then.  There are threads on that I believe.

nahtay

nahtay 3

Posted
Posted

I don't have a synology but I have a couple domains. How would I create a reverse proxy for that?

vaise

vaise 331

Posted
Posted

Google nginx, caddy, have a read.  Learn it.  In the meantime you can also research wireguard or tailscale to safe access via a vpn.

PrincessClevage

PrincessClevage 175

Posted
Posted

Do yourself a favour and get yourself one of these:

https://firewalla.com
 

easy to setup and control with free WireGuard vpn for most devices to connect back to home from where ever you travel or share vpn with family, friends for access to emby 

nahtay

nahtay 3

Posted
Posted

I have an API key from a domain, docker installed but I am struggling understanding docker commands for ngnix to get it working.

user84

user84 36

Posted
Posted

Just hopping in to say that this thread has been active since 2018. From a basic customer service standpoint, offering a solution to those who don't want to get a college degree in networking just to use Emby securely is something the Devs should consider. I don't know the impact of offering this (cost, maintenance etc) so I concede if the demand is too much. But offering this as an OPTION and not a REQUIREMENT seems reasonable.

I'm just curious why this hasn't been developed and offered yet?

Happy2Play

Happy2Play 9441

Posted
Posted
1 minute ago, Blam84 said:

I'm just curious why this hasn't been developed and offered yet?

And how would they do that?  Make you login to their servers like Plex does?  Then you lose your Personal media server and are tracked and monitor per the third party server.

 

 

  • Agree 1
user84

user84 36

Posted
Posted
6 minutes ago, Happy2Play said:

And how would they do that?  Make you login to their servers like Plex does?  Then you lose your Personal media server and are tracked and monitor per the third party server.

 

 

That is correct, yes. And for those who don't care about being tracked, they would choose this option.

Happy2Play

Happy2Play 9441

Posted
Posted
Just now, Blam84 said:

That is correct, yes. And for those who don't care about being tracked, they would choose this option.

I would assume the overhead running these servers would add a major additional cost.

Neminem

Neminem 886

Posted
Posted (edited)

Guess an ADMIN should educate them self.

They are administrating an infrastructure they won't.

If they don't know how to secure it them self and there infrastructure, they should not be admins.

Edited by jaycedk
user84

user84 36

Posted
Posted
2 minutes ago, jaycedk said:

Guess an ADMIN should educate them self.

They are administrating an infrastructure they won't.

If they don't know how to secure it them self and there infrastructure, they should not be admins.

Interesting. I'm curious what you mean by Admin? Because I'm pretty certain all Emby users are not Admins sharing their content with others. I'm sure there are many who are regular people looking to stream their own content locally, and from the office or on vacation every so often. 

Are you suggesting these folks need to be just as educated? 

Neminem

Neminem 886

Posted
Posted

Well you do have an admin account, right.

Then you are the admin of set server, right.

If you do not know, what you are doing, should you do it.

Sure why not, but educate your self to handle it.

With the role as admin, comes the responsibility to of being set admin.

user84

user84 36

Posted
Posted
5 minutes ago, jaycedk said:

Well you do have an admin account, right.

Then you are the admin of set server, right.

If you do not know, what you are doing, should you do it.

Sure why not, but educate your self to handle it.

With the role as admin, comes the responsibility to of being set admin.

If that's the business model being followed here, so be it. But if so, it dramatically limits the amount of users Emby will ever have

Neminem

Neminem 886

Posted
Posted

That's just my opinion.

I'm just a emby user/admin, and I had no problems with archiving my gools.

I educated my self !!

nahtay

nahtay 3

Posted
Posted

I'm close I think. I just have never done a reverse proxy. I have a domain. I installed docker. I just don't know how to get it working to enable SSL.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...