treason, Posted April 30, 2014 (edited April 30, 2014)

I am going to be away from home for a few months and I plan on streaming my content remotely to a Roku box. If I am on public Wi-Fi, or in a hotel room, what stops someone from sniffing the traffic and pulling my API key, then accessing all of my content? Is SSL an option to encrypt the requests? I'd prefer a third party (hotel room, my ISP) not to know "what" I am streaming if possible. Thanks

Koleckai Silvestri, Posted April 30, 2014

Currently, you would need to go through a VPN to your server. Hopefully this is added soon as it is very important for security and privacy.

Beardyname, Posted April 30, 2014

Until this gets implemented you can totally do it with a reverse proxy and force SSL! I'm currently doing this with authentication on Apache. Works like a charm.

treason, Posted April 30, 2014

Beardy, can you do this with IIS and not Apache? I also have DD-WRT but the VPN isn't very reliable (I'm not even sure Roku supports VPN).

Beardyname, Posted April 30, 2014

@treason, should work. I have not tested it myself, but try googling around for a guide of some sort. I'm not really an expert on IIS though, so I would not really know.

treason, Posted April 30, 2014

OK, so it turns out I am already running a reverse proxy and didn't even know it. IIS has URL Rewrite, which means I can say that when a request goes to https://myhost.com/mediabrowser, it internally pulls the traffic from http://interalip:8092/mediabrowser

I have that set up now, and it works fine for the web client, but I highly doubt a Roku client, or any client for that matter, allows you to change the protocol to https.

So on my host I have like https://myhost.com/torrent, https://myhost.com/sab, https://myhost.com/sickbeard, https://myhost.com/mediabrowser, etc.

Unless there's a way to run SSL on port 80 and not 443? I don't know, it doesn't seem possible.

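The reverse-proxy arrangement described in the post above, written out as a web.config for the IIS URL Rewrite module. This is an added example, not configuration posted in the thread; it assumes Application Request Routing is installed with proxying enabled, and INTERNAL_IP is a placeholder for the internal server address.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Force TLS: a request that arrives over plain HTTP is
             redirected to the same host and path over HTTPS. -->
        <rule name="Force HTTPS" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTPS}" pattern="^OFF$" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}"
                  redirectType="Permanent" />
        </rule>

        <!-- Reverse proxy: https://myhost.com/mediabrowser/... is fetched
             from the internal server over HTTP. TLS ends at IIS, so only
             the hop between IIS and the internal server is unencrypted.
             INTERNAL_IP is a placeholder (assumption). -->
        <rule name="MediaBrowser reverse proxy" stopProcessing="true">
          <match url="^mediabrowser(/.*)?$" />
          <action type="Rewrite"
                  url="http://INTERNAL_IP:8092/mediabrowser{R:1}" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

A redirect only protects the requests made after it: a client that first connects over http:// has already sent that request, including any API key in it, in cleartext. Clients should therefore be configured with the https:// address directly.
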
Koleckai Silvestri, Posted April 30, 2014

You would point your MediaBrowser Client to the server in its settings. The Roku doesn't handle that. You'd have to test it though. One thing about SSL is that the client needs to be able to decrypt what is sent, and if your reverse proxy sends encrypted data, the MediaBrowser Client probably won't know how to decrypt it. The Roku does handle SSL and HTTPS though.

For VPN, the Roku uses a mirrored connection through another device like a laptop or computer. That handles the decryption properly. Might be easier to use a laptop and web browser, if you have one.

treason, Posted April 30, 2014

The mirrored connection sounds like a drag to set up (too many points of failure), and you're right on the SSL, each client has to make mods to support SSL. I guess I have to go insecure mode and hope the NSA isn't watching.

Luke, Posted May 1, 2014

It's planned.

altramarine, Posted May 23, 2014

SSL addition would be a killer feature :)

mbnwa, Posted October 10, 2014 (edited October 12, 2014)

UPDATE: It seems that if you log out of the iPad app (maybe others) you cannot log back in. The Web GUI seems to work just fine; however, apps do not seem to like the redirect for the auth token, even though it would seem it works if you have the device registered before making the change. I am not sure this is something that can be resolved without the app developers' help, and seeing this is not an official fix I doubt that will happen.

What I have done is the following:

Reconfigure Media Browser Server to listen on 8095 and set up NginX to listen on 8096, redirecting all traffic that comes in as http ==> https (seems to work with all clients I have tested after the initial request is made via http). (I have a 3rd party SSL cert - I am using NameCheap for 9.95/yr.)

Install NginX from nginx/Windows-1.7.6 to c:\ and add a directory inside the NginX folder called ssl.

Take the below config and overwrite NginX/conf/nginx.conf.

Create a self-signed SSL cert or get a 3rd party SSL cert (self-signed certs may not work with 3rd party clients due to the SSL warning that would be presented), place it into the NginX/ssl directory, and update the config with the CRT and KEY names accordingly.

Start NginX and enjoy your SSL-enabled streaming.

Config:

    #user nobody;
    worker_processes 4;

    #error_log logs/error.log;
    #error_log logs/error.log notice;
    #error_log logs/error.log info;

    #pid logs/nginx.pid;

    events {
        worker_connections 1024;
    }

    http {
        types_hash_max_size 2048;
        client_header_buffer_size 16k;
        client_max_body_size 64m;
        large_client_header_buffers 12 16k;
        client_body_buffer_size 1024k;
        tcp_nopush on;
        keepalive_timeout 15;
        tcp_nodelay on;

        server {
            # TLS listener that clients connect to
            listen 8096 ssl;
            ssl_certificate /nginx-1.7.6/ssl/ssl_cert.crt;
            ssl_certificate_key /nginx-1.7.6/ssl/ss_cert_key.key;

            # 497 = plain HTTP request sent to the HTTPS port; redirect it to https
            error_page 497 https://$host:$server_port$request_uri;

            location / {
                # Media Browser Server, reconfigured to listen on 8095
                proxy_pass http://localhost:8095;
                proxy_redirect off;
                proxy_set_header Host $host:$server_port;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Ssl on;
            }
        }
    }