Been searching for hours on this one … After enabling Plex service, then hitting configure on the My Cloud Home page, a ‘using plex’ page appears and after hitting ‘got it’ it tries to redirect to an invalid IP address and returns an error. What gives there? Even tried the My Cloud Home device on a different network - same issue… Cannot see any settings within My Cloud Home relating to this.

WD My cloud home is working fine on the network with the 192.168.0 range from the router, but after enabling PLEX through the settings, then hit configure, it tries to re-direct to the 192.168.1.12 address for configuration… obviously this is never going to happen… even tried a different network with a 192.168.1.* network and it STILL doesn’t get past it… just comes back with error - obviously… It seriously looks like a major bug to me… and of course the WD My cloud home has no settings to play with… no IP address to set, no plex server address, no DLNA settings, no nothing. Why couldn’t they leave DLNA there on its own? seriously… really frustrating interface… anyhow, I’ve tried through the desktop app, the web app, and the mobile app, and same result on all !!! WTF FFS !!! ordinarily I would say a firmware update required but you don’t get access to that either… Can’t see any info on any router settings required.

How Plex is doing HTTPS for all its users

This week Plex, a self-hosted media server, announced that they now offer TLS to secure all connections, including those to the user's servers.

Background

A quick overview of the Plex architecture to understand why this is different from the average HTTPS deployment.

The server is a piece of software that runs on your own machine, where you have all your movies and TV series.

The clients connect to to discover the servers linked to your account, and then connect directly to the server.

For example, if you use the web app, you load, the app asks for the list of your servers and then connects to each of them with an XHR like.

Let's say Plex sets up HTTPS for and we load instead.

The problem is that now the browser will block our XHR connections to the servers because they are HTTP connections initiated from an HTTPS page, a.k.a. active mixed content.

Also the server connections need to be over HTTPS. And they need a valid public certificate: there is no UI to skip warnings generated by XHR and a self-signed certificate would be a quite poor security guarantee anyway.

But as we said above, the servers are run by the users on their own machines and IPs. We can't ask them to get a domain name and a certificate just to watch their movies over TLS.

First they solved the problem of servers not having a domain name or a stable IP (they are mostly reached via bare dynamic IPs or even local IPs) by setting up a dynamic DNS space under plex.direct:

$ dig +short
$ dig +short

Basically any IP.*.plex.direct domain resolves to IP.

Then they partnered with Digicert to issue a wildcard certificate for *. to each user, where HASH is - I guess - a hash of the user or server name/id.

For example see how my server presents a *. certificate now.

It's interesting to see how Digicert minted a new Intermediate certificate for this deployment. Also note that they claim the number of servers is in the millions.

This way when a server first starts it asks for its wildcard certificate to be issued (which happened almost instantly for me) and then the client, instead of connecting to, connects to which resolves to the same IP, but with a domain name that matches the certificate that the server (and only that server, because of the hash) holds.

- the "jolly" DNS setup allows the client to connect to the server with any IP it wants - for example 192.168.1.7 when at home, 1.2.3.4 when not - which can change without waiting for any DNS propagation time.
- the wildcard certificate is valid whatever the IP used.
- the user/server/whatever hash makes it so a certificate can only be used to authenticate a specific server (even if it can have any IP) which makes it safe to hand the private key to the user.