Jump to content

Reverse proxy, SSL & EMBY server

Rumbaar

By Rumbaar
in General/Windows

 Share

Recommended Posts

Rumbaar

Rumbaar 13

Posted
Posted

I've setup a reverse proxy (Nginx), and I've assigned a SSL certificate to that primary domain.  If I access my EMBY machine via that https:// path, I don't need to set EMBY as a SSL connection within the configuration?   As I don't have the certificates on that server machine I can't configure it as such.  Just means that internally it's not encrypted, but that shouldn't be an issue?

 

Can I force https for just that connection, at the Nginx level?

pir8radio

pir8radio 1312

Posted
Posted

I've setup a reverse proxy (Nginx), and I've assigned a SSL certificate to that primary domain.  If I access my EMBY machine via that https:// path, I don't need to set EMBY as a SSL connection within the configuration?   As I don't have the certificates on that server machine I can't configure it as such.  Just means that internally it's not encrypted, but that shouldn't be an issue?

 

Can I force https for just that connection, at the Nginx level?

 

Its not an issue...   The bad guy must be on your local network for you to be concerned..  Is even less of an issue if the emby and nginx are on the same server.    You can use an emby self signed cert and nginx will accept it, but there is no real benefit.

Tur0k

Tur0k 148

Posted
Posted

I've setup a reverse proxy (Nginx), and I've assigned a SSL certificate to that primary domain. If I access my EMBY machine via that https:// path, I don't need to set EMBY as a SSL connection within the configuration? As I don't have the certificates on that server machine I can't configure it as such. Just means that internally it's not encrypted, but that shouldn't be an issue?

 

Can I force https for just that connection, at the Nginx level?

So, I assume you have nginx installed on a separate server. without an SSL cert configured on Emby your server would force connections to the unencrypted port. The risk in this case would be if a device on your internal network was

1. compromised

2. Managed to be connected to a trunk port.

3. Sniffed the unencrypted traffic.

 

This scenario isn't likely but not entirely impossible. It would be more secure to have a trusted certificate between the Emby server and RP, but I will admit this is more work than you likely need to take.

 

 

Sent from my iPhone using Tapatalk

Rumbaar

Rumbaar 13

Posted
  • Author
Posted

Thanks for the feedback, yeah figured it wasn't too much an issue.   Yes EMBY and nginx are on different machines.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...