How to enable secure HTTPS connection to TVMosaic server from the Internet

From TVMosaic Wiki

Ports

Note that TVMosaic uses ports 9370 and 9371 for HTTPS command and streaming requests, respectively. Make sure that these ports are forwarded on your router for external access.

General

To enable a secure HTTPS connection to your TVMosaic server from outside your LAN, you need two things:

  • An Internet address that resolves to your external IP address
  • An SSL certificate for that Internet address

Internet address that resolves to your external IP address

If you own a NAS from Synology, ASUSTOR, QNAP or some other manufacturers, you may already have one. Most NAS manufacturers provide users with an Internet address to reach their NAS over the Internet.

ASUSTOR EZ Connect, Synology QuickConnect and myQNAPcloud provide you, free of charge, with an Internet address matching your external IP address: youruniqueid.myasustor.com, youruniqueid.synology.me, etc.

If you do not have a NAS or want to have a separate Internet address, you may use a free DNS service such as https://freedns.afraid.org, https://www.noip.com or the like.

SSL certificate for your Internet address

Any valid certificate will work. If you do not have one yet, we recommend using Let's Encrypt (https://letsencrypt.org), a free and open CA.

A large number of issuers provide users with certificates from Let's Encrypt. You may consider ZeroSSL (https://zerossl.com), as they provide an easy-to-use online wizard that walks you through the certificate issuance process.

Remember that free certificates from Let's Encrypt are valid for 3 months and have to be renewed regularly.

Installing certificate for use with TVMosaic

To use a certificate with TVMosaic, you need to create a *.pem file with the following sections:

  • Domain private key (section -----BEGIN RSA PRIVATE KEY-----)
  • Domain certificate (section -----BEGIN CERTIFICATE-----)
  • (optional) Cross-signed domain certificate (section -----BEGIN CERTIFICATE-----)

If you get these sections in separate files, you need to create a new *.pem file that contains all of those sections.

For example, when creating a ZeroSSL certificate, you download several files, namely <yourdomain>-crt.txt, <yourdomain>-csr.txt, <yourdomain>-key.txt.

The required <yourdomain>.pem file is a concatenation of <yourdomain>-crt.txt and <yourdomain>-key.txt.


The resulting *.pem file has to be put into the ssl directory under the TVMosaic user folder.

You need to restart the TVMosaic server for it to pick up the SSL certificate.
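
The concatenation step above as a script, added here as an illustration (it is not part of the TVMosaic wiki or software): it keeps only the private key and certificate sections, writes the file readable by its owner only because it contains the private key, and uses Python's ssl module to confirm that the key matches the certificate. The function names and command-line arguments are assumptions of this example; the key is written first, following the section list above.

```python
import os
import re
import ssl
import sys

# Matches one PEM section and captures its label (e.g. "CERTIFICATE").
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n.*?\r?\n-----END \1-----", re.S)


def pem_sections(text):
    """Return [(label, full_block_text), ...] in file order."""
    return [(m.group(1), m.group(0)) for m in PEM_BLOCK.finditer(text)]


def build_pem(crt_text, key_text):
    """Combine the key file and certificate file contents into one bundle."""
    keys = [b for label, b in pem_sections(key_text) if label.endswith("PRIVATE KEY")]
    certs = [b for label, b in pem_sections(crt_text) if label == "CERTIFICATE"]
    if len(keys) != 1:
        raise ValueError("expected exactly one private key section")
    if not certs:
        raise ValueError("no CERTIFICATE section found")
    # Key, domain certificate, optional chain; other sections (e.g. a CSR) are dropped.
    return "\n".join(keys + certs) + "\n"


def write_private(path, data):
    """Write the bundle with owner-only permissions (it holds the private key)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    os.chmod(path, 0o600)  # also tighten a file that already existed


def key_matches_cert(path):
    """True if OpenSSL loads the file as a certificate with its matching key."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.load_cert_chain(path)  # raises if unparsable or key/cert mismatch
        return True
    except (ssl.SSLError, OSError, ValueError):
        return False


if __name__ == "__main__":
    # Usage (hypothetical script name): make_pem.py <crt file> <key file> <output .pem>
    crt_path, key_path, out_path = sys.argv[1:4]
    with open(crt_path) as c, open(key_path) as k:
        write_private(out_path, build_pem(c.read(), k.read()))
    print("key matches certificate:", key_matches_cert(out_path))
```
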


To verify HTTPS connectivity, open a browser and connect to https://<your internet address>:9370/web

If the connection is successful, you will see the TVMosaic web interface with the green HTTPS symbol in the browser's address bar.