Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New feature: HTTPS option in settings #369

Closed
jkscz opened this issue Jun 14, 2018 · 5 comments · Fixed by #400
Closed

New feature: HTTPS option in settings #369

jkscz opened this issue Jun 14, 2018 · 5 comments · Fixed by #400
Labels
Feature

Comments

@jkscz
Copy link
Contributor

jkscz commented Jun 14, 2018

Please can you add option for secure communication in settings? When client communicate over HTTP, then communication is unsecured. When a Apache web server is built in front of TVheadend server as HTTPS proxy, HTTP communication must be redirected to HTTPS port. Unfortunately, the client is able to send the login information before the communication is redirected to the HTTPS protocol. The login information can easily be intercepted during initial communication via the HTTP protocol. If communication could be started directly on the HTTPS protocol, communication would be secured and the login data could not be intercepted. The HTTPS option is great possibilty how to secure TV streaming outside LAN.
How to built HTTPS proxy for TVheadend:
https://tvheadend.org/boards/5/topics/20739
https://tvheadend.org/issues/4372
https://tvheadend.org/boards/5/topics/27593

Complete Apache config:

<VirtualHost *:443>
  SSLEngine on
  ServerName tvh.server.net:443
  SSLCertificateFile "c:\Users\Administrator\AppData\Roaming\crt\tvh.server.net-chain.pem"
  SSLCertificateKeyFile "c:\Users\Administrator\AppData\Roaming\crt\tvh.server.net-key.pem"
  CustomLog "${SRVROOT}/logs/tvh-server-net_ssl_request.log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

ProxyRequests Off
ProxyPreserveHost On

ProxyPass /comet/ws ws://192.168.0.50:9981/comet/ws
ProxyPassReverse /comet/ws ws://192.168.0.50:9981/comet/ws

ProxyPass / http://192.168.0.50:9981/
ProxyPassReverse / http://192.168.0.50:9981/

AddOutputFilterByType INFLATE;SUBSTITUTE;DEFLATE audio/x-mpegurl
Substitute "s|http://|https://|i"
</virtualhost> 


Redirect:

<VirtualHost *:80>
    ServerName tvh.server.net
    ErrorLog logs/tvh.server.net-error_log
    CustomLog logs/tvh.server.net-access_log common

    Redirect / https://tvh.server.net/
</VirtualHost>
@fsegouin
Copy link

fsegouin commented Aug 9, 2018

+1 for this one. I have my tvheadend backend behind a reverse proxy that supports SSL and it's all working well with https://github.com/zipleen/tvheadend-iphone-client. Any chance we could have SSL support in the kodi addon?

@jobrien2001
Copy link

+1 for this feature. I am in the same boat.

@sic79
Copy link

sic79 commented Dec 15, 2018

+1. Would really love to have this feature also

@trimethia
Copy link

+1 using nginx reverse proxy behind tvh backend too and need this.

@rubdos rubdos mentioned this issue Jan 30, 2019
Merged
@ksooo ksooo added the Feature label Jun 14, 2019
@ksooo ksooo closed this as completed in #400 Mar 3, 2020
@Gee1111
Copy link

Gee1111 commented Nov 1, 2020

+111!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

https support rubdos/pvr.hts
7 participants
@fsegouin @ksooo @jobrien2001 @trimethia @jkscz @sic79 @Gee1111