vaise 340 Posted January 5, 2019 Posted January 5, 2019 Im looking to restrict admin's to LAN only? Is that possible anywhere ? 1
Luke 42079 Posted January 5, 2019 Posted January 5, 2019 We don't currently have any settings for that, although it's not a bad idea.
rbjtech 5284 Posted January 5, 2019 Posted January 5, 2019 I don't like disagreeing with Luke - but I simply unticked the 'allow remote connections' on the Admin account settings - and now Admins can only connect via LAN .. Attempting a remote login on this account is denied. Is that not what the OP is asking ?
Happy2Play 9780 Posted January 5, 2019 Posted January 5, 2019 (edited) I don't like disagreeing with Luke - but I simply unticked the 'allow remote connections' on the Admin account settings - and now Admins can only connect via LAN .. Attempting a remote login on this account is denied. Is that not what the OP is asking ? Pretty sure OP wants to restrict Dashboard access to LAN only. Edited January 5, 2019 by Happy2Play
rbjtech 5284 Posted January 5, 2019 Posted January 5, 2019 Thanks Happy2Play, but as a non 'Manager/Admin' (also an option on the same settings page) - I don't even get access to the dashboard. Lets see if that's what the OP wants - but my only Admin (Manager) account is set for LAN only - so I can't administer the server remotely - and I *think* that is what the OP likely wants for security reasons - ie if the account did get compromised remotely, then they do not have the ability to cause damage or add accounts etc.
ebr 16184 Posted January 5, 2019 Posted January 5, 2019 Pretty sure he wants to be able to browse and play content but just not manage the server. Your solution denies any connection at all. Thanks.
rbjtech 5284 Posted January 5, 2019 Posted January 5, 2019 OK, perhaps this is me missing the OP's point entirely , but you simply have two accounts setup - one for administering Emby and the other for 'normal' use. All standard good computing practice - nothing new here. On the Admin account - you tick the 'Manager' box and untick 'remote access'. You can now only Administer Emby from the LAN. On the Normal account - you untick the 'Manager' and tick the 'remote access'. You can now only View/Play Emby content from the LAN or WAN. If you wanted the ability to Admin from the WAN - then you tick both the 'Manager' and 'Remote' boxes .. Am I missing something ?
ebr 16184 Posted January 5, 2019 Posted January 5, 2019 OK, perhaps this is me missing the OP's point entirely , but you simply have two accounts setup - one for administering Emby and the other for 'normal' use. All standard good computing practice - nothing new here. On the Admin account - you tick the 'Manager' box and untick 'remote access'. You can now only Administer Emby from the LAN. On the Normal account - you untick the 'Manager' and tick the 'remote access'. You can now only View/Play Emby content from the LAN or WAN. If you wanted the ability to Admin from the WAN - then you tick both the 'Manager' and 'Remote' boxes .. Am I missing something ? That is a valid approach (and a workaround for now) but it forces one to log out and back in with a different user every time they want to administer something and some people don't want that hassle. So, the request is a valid one. 1
jon_ 27 Posted January 5, 2019 Posted January 5, 2019 Are you allowing direct connections remotely, or using a reverse proxy? If you are using a reverse proxy you may be able to blacklist rewriting the dashboard URL (/web/index.html#!/dashboard.html) and all of the other links in the dashboard sidebar. Not sure if if it'd have any side effects / bad consequences but might be worth investigating...
vaise 340 Posted January 8, 2019 Author Posted January 8, 2019 Thanks for all the comments. I am yes trying to use the same user. I am the admin, and I have a ton of years watched history - Never accessed remotely as my upload speed was non-existant, now on the Australian NBN and 50 down/20 up so I have opened it up to a few family member and when I am on the road. I am using nginx reverse proxy, but that rewrite seems a bit beyond my nginx skills. If someone was to try and guess my password - I would prefer to lock down admins at the emby server level in some way (lan only tickbox).
jon_ 27 Posted January 8, 2019 Posted January 8, 2019 @@pir8radio may be able to help on the nginx side
legallink 187 Posted January 8, 2019 Posted January 8, 2019 Thanks for all the comments. I am yes trying to use the same user. I am the admin, and I have a ton of years watched history - Never accessed remotely as my upload speed was non-existant, now on the Australian NBN and 50 down/20 up so I have opened it up to a few family member and when I am on the road. I am using nginx reverse proxy, but that rewrite seems a bit beyond my nginx skills. If someone was to try and guess my password - I would prefer to lock down admins at the emby server level in some way (lan only tickbox). Why don’t you preserve your current user with watched history, remove admin access and create a new admin user (not in that order).
vaise 340 Posted January 8, 2019 Author Posted January 8, 2019 Well..... That would just make too much sense now wouldn't it. I will do that.
Happy2Play 9780 Posted January 8, 2019 Posted January 8, 2019 Or the backup plugin can map userdata to new user.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now