So close..... but no cigar (https-SSL access)

TVMosaic live and recorded TV products for Desktop/NAS/Raspbery Pi
Post Reply
Montoya
Posts: 222
Joined: Mon Feb 26, 2018 9:07 am

So close..... but no cigar (https-SSL access)

Post by Montoya » Fri May 24, 2019 8:08 pm

Using Cloudflare successfully for Emby secured access with SSL and now testing TVMosaic through Cloudflare, but so far no cigar for the new build.

Issues:
1. No pxf support, for safeguarding certificate with password for extra security
2. No channel logo import into client when accessed over secured port (tested web access)
3. No Client support yet for secured access by DOMAIN (Kodi/iOS etc clients)
4. Why still using 2 ports when user has setup secured access with SSL ? Emby works perfectly fine over 1 secured port for Live TV, user content etc ...
DVBLink server 6.0.0 build14499, DVBLink TVSource 6.0.0 build14061, DVBLink for IPTV build 13107
TVMosaic server build 17679, Kodi 18.2 (Git:20190422-f2643566d0), Win10 Pro x64 1903 build18362.207

Oberon
Posts: 1279
Joined: Thu Jan 26, 2017 8:45 am

Re: So close..... but no cigar (https-SSL access)

Post by Oberon » Fri May 24, 2019 9:24 pm

From the list I only see a channel logo as an issue. It is a bug, indeed, and will be corrected soon.

For the rest
- pfx support is just a nice to have, since this is your system under your control
- Android, tvOS clients and web interface all support https connection. iOS client is under review at AppStore. Kodi does not really need it as it is usually a LAN client.
- Having both ports exposed is a normal practice - you just choose the one that you use.

Montoya
Posts: 222
Joined: Mon Feb 26, 2018 9:07 am

Re: So close..... but no cigar (https-SSL access)

Post by Montoya » Fri May 24, 2019 9:44 pm

Oberon wrote:
Fri May 24, 2019 9:24 pm
From the list I only see a channel logo as an issue. It is a bug, indeed, and will be corrected soon.
Clear
Oberon wrote:
Fri May 24, 2019 9:24 pm
For the rest
- pfx support is just a nice to have, since this is your system under your control
Really ?
What about Zero day attacks, when my private certificate gets compromised ?!
With pxf that I'm using with Emby, I don't have to worry about certificate getting compromised, because it's encrypted with password to unlock, so I don't have to create a new certificate in case of stolen certificate.
Oberon wrote:
Fri May 24, 2019 9:24 pm
- Android, tvOS clients and web interface all support https connection. iOS client is under review at AppStore.
Clear
Oberon wrote:
Fri May 24, 2019 9:24 pm
Kodi does not really need it as it is usually a LAN client.
Not in my use case (WAN for family access, WAN for access when traveling/on Holiday etc)
Oberon wrote:
Fri May 24, 2019 9:24 pm
- Having both ports exposed is a normal practice - you just choose the one that you use.
Will check with new iOS version when released.
DVBLink server 6.0.0 build14499, DVBLink TVSource 6.0.0 build14061, DVBLink for IPTV build 13107
TVMosaic server build 17679, Kodi 18.2 (Git:20190422-f2643566d0), Win10 Pro x64 1903 build18362.207

Oberon
Posts: 1279
Joined: Thu Jan 26, 2017 8:45 am

Re: So close..... but no cigar (https-SSL access)

Post by Oberon » Sat May 25, 2019 8:14 am

Regarding the channel logo display. There are three things here:
- Chanel logo's assigned from the packages inside the TVMosaic configuration (e.g. local logo's) are displayed correctly in the guide
- Local channel logo's thumbnails are not displayed in the configuration part ("Available logos" on Settings/Channels/Logo's ). This is a bug, although not critical, and will be fixed soon.
- External channel logo's from your IPTV provider are not displayed because they are sources from http. This is the web browser behavior, referred to as Mixed content page handling. It might be fixed for some browsers by allowing it in browser settings. There is not much we can do about it.

Montoya
Posts: 222
Joined: Mon Feb 26, 2018 9:07 am

Re: So close..... but no cigar (https-SSL access)

Post by Montoya » Tue Jun 04, 2019 6:11 pm

Just tested iOS app to see if it works with my domain managed by Cloudflare, but it doesn't :!:

Cloudflare ONLY supports these https ports:
The HTTPs ports that Cloudflare support are:
443
2053
2083
2087
2096
8443
https://support.cloudflare.com/hc/en-us ... work-with-

So can changes be made to TVMosaic server to support above allowed Cloudflare https ports which the user can set in TVMosaic server options, just like in DVBLink, where the user can set their own port numbers ?

Oberon wrote:
Sat May 25, 2019 8:14 am
- Chanel logo's assigned from the packages inside the TVMosaic configuration (e.g. local logo's) are displayed correctly in the guide
Doesn't work with Cloudflare domain management, due to Cloudflare not supporting https port 9371

Oberon wrote:
Sat May 25, 2019 8:14 am
- External channel logo's from your IPTV provider are not displayed because they are sources from http. This is the web browser behavior, referred to as Mixed content page handling. It might be fixed for some browsers by allowing it in browser settings. There is not much we can do about it.
Cloudflare can take care of that, by forcing http traffic over https.
https://support.cloudflare.com/hc/en-us ... S-rewrites
DVBLink server 6.0.0 build14499, DVBLink TVSource 6.0.0 build14061, DVBLink for IPTV build 13107
TVMosaic server build 17679, Kodi 18.2 (Git:20190422-f2643566d0), Win10 Pro x64 1903 build18362.207

Montoya
Posts: 222
Joined: Mon Feb 26, 2018 9:07 am

Re: So close..... but no cigar (https-SSL access)

Post by Montoya » Wed Jun 26, 2019 7:33 pm

Still NO options in today's Build 17679 to set CUSTOM port numbers for:

1. HTTPS control/base port
2. HTTPS stream port

Can we expect this in a future build or can we not expect this in a future build of TVMosaic :?:

I need this to set SEPARATE control and streaming ports for Cloudlfare supported HTTPS proxy ports:
443
2053
2083
2087
2096
8443
@Oberon, TVMosaic is useless WITH CLOUDFLARE, because there are NO consecutive CLOUDFLARE HTTPS proxy ports available....
DVBLink server 6.0.0 build14499, DVBLink TVSource 6.0.0 build14061, DVBLink for IPTV build 13107
TVMosaic server build 17679, Kodi 18.2 (Git:20190422-f2643566d0), Win10 Pro x64 1903 build18362.207

Post Reply