In reference to your long term solution (Google Chrome block videos on a webpage with embedded code from NCS - #3), i use a hosted website (abc.com) and stream from my public ip (publicip:8100) does NCS want my certificate to match my public ip or does it need to match my abc.com address where it hosts the stream? I already paid for a trusted cert through RapidSSL as i want my customers to have the lock and no unsecure messages.
Thanks
Hi,
I assume the cert from RapidSSL is for the website abc.com.
The important part for Google Chrome to not block the video from NCS is to use https://publicIP:8100 in the embedded html code. The information from the source must be encrypted. Using http will block the streaming video. Chrome do not react on if the certificate running NCS in https is a self-signed certificate or a trusted certificate.
The certificates for NCS and abc.com are two separate things and not connected.
-Henrik
Ok, so my certificate domain name should be my ‘publicip:8100’? not sure how to get a certificate for an ip address and port…i assume its possible?
You don´t need a trusted certificate for NCS on ‘publicip:8100’. A self-signed certificate is enough.
However, if you must have a trusted certificate for NCS then you must have a domain name etc.That is not my speciality.
Start with the self-signed certificate and when that works with abc.com you can think about the future.
-Henrik
Ok, ill try that.
Thanks for your help.
i do it that way:
1x small Linux VM or Raspberry PI
1x DynDNS Record
1x or more CNAMEs for my domain
Configuration:
The Linux VM is exposte to the Internet via Portforwarding 80 and 443, software on the linux host is: Docker with traefik. That dit the following it is configured to recvie the requests for your dyndns record and or your cnames with are also has the dyndns records as the desternations. that traefik will get a letsencrypt certifacte for it. and depending on the configuration and the hostnames it will redirect the traffic to the ncs or any other service inside of your network and all this with auto renewd vailid ssl certificates:
so for the understandig the traffic flows this way:
Public Internet → PublicIP (dyndns or host) → the linux VM Port 80 and Port 443 → the ncs port 8100 (no cert needet) for internal access you can split your dns like your.dyndns.org → your internal traefik IP
For me that works greate. i published the ncs to the internet with default ports. witch are not blocket wherever i am.
kind regards
matze
Hi Matze,
Thanks for sharing your excellent solution. Is this is a solution only for NCS or do you have a regular LAN with other systems also running behind the Linux VM?
-Henrik
i use it with multiple services such as my nextcloud or my nas. but i have other friends where i configuerd it only for ncs.
dependening on the firewall or router is installed you can put the linux vm in the dmz.
if needed or you like to put this in your dokumentation i can share the config files with you.
Does it matter which dynamic dns provider you use? can we use a free one?
you can use any dyndns provider you like. it dosen´t matter.
I’m new to using certificates, where do i need to install it?
Thanks.
so everybody how is interested in this i create a git repository with the informations you need: