Let's Encrypt Help


Kimballslice1890

mastrmind11

^^ this.  It's extremely simple to set up VLANs w/ the Unifi Controller if you're concerned about security internally.  Having to go out to the internet and come back in just so you can use HTTPS internally seems a bit much imo.

Swynol

Yeah it does. I also host a Crush FTP server and connect to it with my WAN IP also. Worked on my FiOS Gateway which was then replaced with a DLINK DIR 868L and worked fine on that, which is now replaced with a Unifi USG and it works flawlessly on that as well. 

 

I block all HTTP connections just to be safe regardless if it is on the WAN or LAN. But I did test again last night. My Chromecast does not like the setup with NAT Loopback. I'll work on redirecting connections over the LAN at some point, but it's not very high on my priority list right now. Also, unless I unblock HTTP, the cert won't necessarily work over the LAN as being signed, no?

 

Swynol, can you explain about Cloudflare a little more? What's the requirement for that cert? Definitely interested in a 20 year cert versus Let's Encrypt's 3 month cert...

 

I'm also using the USG. How have you set up NAT loopback? I recommend static-hostname-mapping. It needs to be configured at the CLI, but I can guide you that way if you want. I'm not sure why you have to go out of your network and back in for HTTPS to work. If I go to https://emby.mydomain.com from within my network, it works fine and stays within my network. Same for HTTP.

 

With Cloudflare, you point your domain name at the Cloudflare nameservers. Then in Cloudflare you have a few different options.

1. Your domain name goes through the Cloudflare CDN, so end user > Cloudflare > your Emby server. Users connecting to you are protected with SSL to Cloudflare and then another SSL cert from Cloudflare to your Emby server. - 20 year cert

2. Your domain name points to the Cloudflare CDN but it uses it only as a sort of DNS. So end user > Cloudflare DNS > Emby server. End user to Cloudflare is protected with SSL, but from Cloudflare to the Emby server is not SSL. Users always see this as an SSL connection. Cert never expires.

 

Option 1 I use. It also has the added benefit of hiding my WAN IP. So if you ping my domain name you will only get a Cloudflare IP and not my home IP.
