vaise 307 Posted January 5, 2019 Share Posted January 5, 2019 Im looking to restrict admin's to LAN only? Is that possible anywhere ? 1 Link to comment Share on other sites More sharing options...
Luke 37252 Posted January 5, 2019 Share Posted January 5, 2019 We don't currently have any settings for that, although it's not a bad idea. Link to comment Share on other sites More sharing options...
rbjtech 4333 Posted January 5, 2019 Share Posted January 5, 2019 I don't like disagreeing with Luke - but I simply unticked the 'allow remote connections' on the Admin account settings - and now Admins can only connect via LAN .. Attempting a remote login on this account is denied. Is that not what the OP is asking ? Link to comment Share on other sites More sharing options...
Happy2Play 8356 Posted January 5, 2019 Share Posted January 5, 2019 (edited) I don't like disagreeing with Luke - but I simply unticked the 'allow remote connections' on the Admin account settings - and now Admins can only connect via LAN .. Attempting a remote login on this account is denied. Is that not what the OP is asking ? Pretty sure OP wants to restrict Dashboard access to LAN only. Edited January 5, 2019 by Happy2Play Link to comment Share on other sites More sharing options...
rbjtech 4333 Posted January 5, 2019 Share Posted January 5, 2019 Thanks Happy2Play, but as a non 'Manager/Admin' (also an option on the same settings page) - I don't even get access to the dashboard. Lets see if that's what the OP wants - but my only Admin (Manager) account is set for LAN only - so I can't administer the server remotely - and I *think* that is what the OP likely wants for security reasons - ie if the account did get compromised remotely, then they do not have the ability to cause damage or add accounts etc. Link to comment Share on other sites More sharing options...
ebr 14959 Posted January 5, 2019 Share Posted January 5, 2019 Pretty sure he wants to be able to browse and play content but just not manage the server. Your solution denies any connection at all. Thanks. Link to comment Share on other sites More sharing options...
rbjtech 4333 Posted January 5, 2019 Share Posted January 5, 2019 OK, perhaps this is me missing the OP's point entirely , but you simply have two accounts setup - one for administering Emby and the other for 'normal' use. All standard good computing practice - nothing new here. On the Admin account - you tick the 'Manager' box and untick 'remote access'. You can now only Administer Emby from the LAN. On the Normal account - you untick the 'Manager' and tick the 'remote access'. You can now only View/Play Emby content from the LAN or WAN. If you wanted the ability to Admin from the WAN - then you tick both the 'Manager' and 'Remote' boxes .. Am I missing something ? Link to comment Share on other sites More sharing options...
ebr 14959 Posted January 5, 2019 Share Posted January 5, 2019 OK, perhaps this is me missing the OP's point entirely , but you simply have two accounts setup - one for administering Emby and the other for 'normal' use. All standard good computing practice - nothing new here. On the Admin account - you tick the 'Manager' box and untick 'remote access'. You can now only Administer Emby from the LAN. On the Normal account - you untick the 'Manager' and tick the 'remote access'. You can now only View/Play Emby content from the LAN or WAN. If you wanted the ability to Admin from the WAN - then you tick both the 'Manager' and 'Remote' boxes .. Am I missing something ? That is a valid approach (and a workaround for now) but it forces one to log out and back in with a different user every time they want to administer something and some people don't want that hassle. So, the request is a valid one. 1 Link to comment Share on other sites More sharing options...
jon_ 23 Posted January 5, 2019 Share Posted January 5, 2019 Are you allowing direct connections remotely, or using a reverse proxy? If you are using a reverse proxy you may be able to blacklist rewriting the dashboard URL (/web/index.html#!/dashboard.html) and all of the other links in the dashboard sidebar. Not sure if if it'd have any side effects / bad consequences but might be worth investigating... Link to comment Share on other sites More sharing options...
vaise 307 Posted January 8, 2019 Author Share Posted January 8, 2019 Thanks for all the comments. I am yes trying to use the same user. I am the admin, and I have a ton of years watched history - Never accessed remotely as my upload speed was non-existant, now on the Australian NBN and 50 down/20 up so I have opened it up to a few family member and when I am on the road. I am using nginx reverse proxy, but that rewrite seems a bit beyond my nginx skills. If someone was to try and guess my password - I would prefer to lock down admins at the emby server level in some way (lan only tickbox). Link to comment Share on other sites More sharing options...
jon_ 23 Posted January 8, 2019 Share Posted January 8, 2019 @@pir8radio may be able to help on the nginx side Link to comment Share on other sites More sharing options...
legallink 187 Posted January 8, 2019 Share Posted January 8, 2019 Thanks for all the comments. I am yes trying to use the same user. I am the admin, and I have a ton of years watched history - Never accessed remotely as my upload speed was non-existant, now on the Australian NBN and 50 down/20 up so I have opened it up to a few family member and when I am on the road. I am using nginx reverse proxy, but that rewrite seems a bit beyond my nginx skills. If someone was to try and guess my password - I would prefer to lock down admins at the emby server level in some way (lan only tickbox). Why don’t you preserve your current user with watched history, remove admin access and create a new admin user (not in that order). Link to comment Share on other sites More sharing options...
vaise 307 Posted January 8, 2019 Author Share Posted January 8, 2019 Well..... That would just make too much sense now wouldn't it. I will do that. Link to comment Share on other sites More sharing options...
Happy2Play 8356 Posted January 8, 2019 Share Posted January 8, 2019 Or the backup plugin can map userdata to new user. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now