Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Stream channels via HTTPS (443) #1605

Open
wmf39 opened this issue Mar 5, 2023 · 8 comments
Open

Stream channels via HTTPS (443) #1605

wmf39 opened this issue Mar 5, 2023 · 8 comments
Labels
Feature Request 💡 Bring your ideas

Comments

@wmf39
Copy link

wmf39 commented Mar 5, 2023

Is your feature request related to a problem? Please describe.
I parted my private network via VLAN. For communication between this networks I want to use only secured protocols.

Describe the solution you'd like
When I stream recordings, it works with HTTPS/443. The link looks like below:
https://vuduo4kse.local:443/file?file=/media/hdd/movie/xxxxxxx.ts
When I stream channels, it doesn't work with HTTPS/443. The standard link with 8001 looks like
http://vuduo4kse.local:8001/1:0:...:
It would be nice if it would work with
https://vuduo4kse.local:443/1:0:...:
or maybe
https://vuduo4kse.local:443/stream?stream=1:0:...:

Describe alternatives you've considered
I don't tested it, but it should be possible to run a reverse proxy on the Vu+, close 8001/8002 for external access and forward HTTPS/443 to HTTP/8001/8002.

@wmf39 wmf39 added the Feature Request 💡 Bring your ideas label Mar 5, 2023
@wedebe
Copy link
Collaborator

wedebe commented Mar 5, 2023

I believe this has been logged before, and from what I can remember, there's a hard-coded protocol and/or port involved somewhere.

@jbleyel
Copy link
Contributor

jbleyel commented Mar 5, 2023

Stream of recordings is a progressive download and not comparable with a live stream.
Reverse proxy as a replacement for port 8001 makes no sense because this will never be an encrypted stream.

Stream over https is only possible for recodings.

@wedebe
Copy link
Collaborator

wedebe commented Mar 5, 2023

Stream of recordings is a progressive download and not comparable with a live stream.

Regardless, anything that's served over HTTP should also be available through HTTPS.

@jbleyel
Copy link
Contributor

jbleyel commented Mar 5, 2023

Port 8001 stream is not http. This is something completely different and part of the enigma core code.
This has nothing to do with the openwebif.

@wmf39
Copy link
Author

wmf39 commented Mar 5, 2023

Related to reverse proxy: This was a suggestion by the "dream Player" app. It allows to configure HTTPS for channels in their settings. The (free translated) help text is: "HTTPS streaming for channels is not supported by most receivers. If you use a reverse proxy or an alternative, it can be activated." If configured, the app generate the link https://vuduo4kse.local:443/1:0:...:

@WanWizard
Copy link
Contributor

Port 8001 stream is not http. This is something completely different and part of the enigma core code. This has nothing to do with the openwebif.

Also, it is pretty pointless to adding encryption overhead to a live stream. The entire STB is not a security device, so exposing any port, streaming or otherwise, on the internet is a very bad idea.

If you want to, use an external WAF with reverse proxy and SSL offloading functionality.

@wmf39
Copy link
Author

wmf39 commented Sep 12, 2023

Worked very well via SSL tunneling for testing purposes.

@WanWizard
Copy link
Contributor

Yes, why not? A proxy is a proxy.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Feature Request 💡 Bring your ideas
Projects
None yet
Development

No branches or pull requests

4 participants