Jump to content

How to Renew SSL Certs on Windows

Spaceboy

By Spaceboy
in General/Windows

 Share

Recommended Posts

Spaceboy

Spaceboy 2573

Posted
  • Author
Posted (edited)

yes nssm with those arguments is fine.

 

to work on the security we need to add a few things. now this is where i am not sure how it works in caddy. whether you can add it as a global setting or have to add each reverse proxy block individually.

 

so like you had before notice i changed x-frame-options otherwise all your services wont work within the organizr 

 

    header /emby {

 -Server

 Strict-Transport-Security "max-age=31536000;"

 Referrer-Policy "strict-origin"

 X-XSS-Protection "1; mode=block"

 X-Content-Type-Options "nosniff"

 X-Frame-Options "SAMEORIGIN"

the original caddyfile was just header /

 

i added emby after the / while i was trying to get the other services working. so should this be header / to apply the security settings globally?

 

and should these changes allow my remote user to log in?

Edited by Spaceboy
Swynol

Swynol 375

Posted
Posted (edited)

ok that makes sense. yes just use / to add it globally. 

 

I'm not really sure why your remote user cant login with his fire tv stick. i've used one remotely using a reverse proxy and https and it worked fine. 

Just access your diskstation you can add

 

proxy /diskstation 192.168.1.4:5000 {
    transparent
    websocket

}

 

aslong as your diskstation has a login, otherwise your opening it to the internet.

 

on the firetv you should be navigating to https://mydomain.com/emby

 

dont need to add any port numbers. 

 

once you have added the security headers: test it at https://securityheaders.io/  should get a A- at least

Edited by Swynol
Spaceboy

Spaceboy 2573

Posted
  • Author
Posted

ok that makes sense. yes just use / to add it globally. 

 

I'm not really sure why your remote user cant login with his fire tv stick. i've used one remotely using a reverse proxy and https and it worked fine. 

Just access your diskstation you can add

 

proxy /diskstation 192.168.1.4:5000 {

    transparent

    websocket

}

 

aslong as your diskstation has a login, otherwise your opening it to the internet.

 

on the firetv you should be navigating to https://mydomain.com/emby

 

dont need to add any port numbers. 

 

once you have added the security headers: test it at https://securityheaders.io/  should get a A- at least

yeah i tried proxy /diskstation 192.168.1.4:5000 but it doesnt work. i get a page from the diskstation telling me that the page cannot be found. i guess this is some sort of security feature?

 

i added the security headers but i only get a B-. Content security policy and public key pins are red.

 

he was trying https:/mydomain/emby without a port before and it wasnt working. i can ask him to try again. i'll be there in 10 days but he's competent enough to add the details correctly. i think :)

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...