  1. #31
    Member
    Join Date
    Nov 2016
    Location
    London, UK
    Posts
    42
    Quote Originally Posted by caplam View Post
    Thank you for your answer.
    For now my concern is to find out how to treat the incoming traffic from Amazon. If my understanding is right, it's not HTTP traffic so I can't use Synology reverse proxy.
    (I have several servers like jeedom which I can join on jeedom.mydomain.fr for example). Probably I need to open another port and cannot proxify this service.
    That's right, you'll need a raw TCP SSL streaming reverse proxy. Again I recommend using stunnel for this - it's how others have got it working.

    If you really don't want to / can't, you could try HAProxy or even try newer Nginx (might even be possible using the DSM one but I doubt it). This way will be trickier though.

  2. #32
    I'll probably go with stunnel in a Docker container on the Synology NAS. But I'll have to dig a bit more as, for now, I don't really understand network management with Docker and particularly Synology's implementation.

    edit: my concern is to make it easy to revert changes on my network and servers. Docker is perfect for that. I will also have to find a way to automate the cert update for stunnel, as the Let's Encrypt cert is automatically renewed every 3 months.
    Last edited by caplam; 2018-07-25 at 05:21.
    LMS 7.9.1 on a debian jessie vm (esxi 5.5)
    1xboom, 1x sq3, 2x sonos play1, foobar 2000, zettaly
    spotify family
    ipeng
    plugins: spotty, upnpbridge, airplay bridge, shairtunes2W, youtube, soundcloud

  3. #33
    Senior Member
    Join Date
    Oct 2010
    Posts
    118
    Quote Originally Posted by caplam View Post
    I'll probably go with stunnel in a Docker container on the Synology NAS. But I'll have to dig a bit more as, for now, I don't really understand network management with Docker and particularly Synology's implementation.

    edit: my concern is to make it easy to revert changes on my network and servers. Docker is perfect for that. I will also have to find a way to automate the cert update for stunnel, as the Let's Encrypt cert is automatically renewed every 3 months.
    So your plan is to share the same Letsencrypt certs with stunnel in docker and use this container only for squeeze-alexa?
    If you succeed please share, I run my NGINX with Letsencrypt on a nuc but Docker on a QNAP NAS. So it might be possible for me to use the same approach.

    It seems that stunnel is the preferred way to go but I'm really afraid to mess up my current NGINX + Let's Encrypt setup....

  4. #34
    Senior Member
    Join Date
    Oct 2010
    Posts
    118
    Quote Originally Posted by nickb View Post
    Great, please give it a go. Sorry you're finding it difficult - it is definitely a complex setup. I've been adding to the docs more and more, but sometimes think the extra detail is making it more complicated.

    Definitely the fact there are entirely different networking modes does - but I had to do that as I've personally switched to 4G internet, and the existing setup didn't work. Necessity is the mother of all invention, etc

    Is there anything in particular?



    That's great. I don't know of anyone else who's tried it yet so please do, and file issues (or PRs if that's your thing) if there are any missing sections, or you learned anything.



    Not really -- 2.0 is practically what's in master right now. I've just not got round to the release work, I'll try and do that soon.

    But I've been thinking around (more) automation to set this stuff up. The thing is automation tooling (aws cli, scripts etc) are generally suited to going through a process many times, which makes the extra setup worth it. But here I suspect most people just want to set it up once and leave it.

    But I'm happy to hear any ideas here... The self-diagnostics are quite good on the SSL side, some stuff like this for MQTT would be cool I guess.




    I don't use a user, just a role. But so long as the Lambda user has the right permissions (in addition to the normal Alexa / Lambda ones e.g. AWSLambdaBasicExecutionRole) it should be fine AIUI. Have a look here: https://github.com/declension/squeez...am-policy.json

    mqtt-squeeze doesn't need any IAMs, as it connects (currently at least) with TLS cert-based authentication, though I did create an IOT thing to model the server itself (don't think this was necessary, just part of the exploratory phase... I think...)

    HTH
    Nick (aka declension)
    Thank you for answering. I got pretty much stuck directly with generating the certs for IOT. I'm very new to AWS overall so I didn't even have awscli, nor was I able to run the configure (asking for AWS Access Key ID etc).
    But I'll continue to try with MQTT since it might be helpful for others if I succeed.
    Last edited by Freddy; 2018-07-25 at 06:32.

  5. #35
    Senior Member
    Join Date
    Oct 2010
    Posts
    118
    I've now managed to create the certs for MQTT IOT using the cli.

    Stuck on next step though

    Set up permissions for MQTT
    Go to the AWS IoT section (make sure to select the right region), and you start the setup.

    You'll need an IAM policy to grant MQTT access to the squeeze-alexa Lambda.

    Use the helpful included IAM policy to permission topics - remember to make sure these match your MQTT settings.


    What setup?
    Also, I need to create the Lambda squeeze-alexa first before the transporter (since I should grant MQTT access)?

    It might be that this requires that you have very good AWS skills

  6. #36
    Member
    Join Date
    Nov 2016
    Location
    London, UK
    Posts
    42
    Quote Originally Posted by Freddy View Post
    So your plan is to share the same Letsencrypt certs with stunnel in docker and use this container only for squeeze-alexa?
    If you succeed please share, I run my NGINX with Letsencrypt on a nuc but Docker on a QNAP NAS. So it might be possible for me to use the same approach.

    It seems that stunnel is the preferred way to go but I'm really afraid to mess up my current NGINX + Let's Encrypt setup....
    In which case personally I'd just leave that as is, generate new cert pairs just for stunnel which you can set to be 10 years or whatever. So long as you keep these safe of course.
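
Added example, not part of the original posts and not squeeze-alexa's own code: one way to generate the dedicated long-lived certificate pair suggested in post #36, keep the key owner-readable only, and check how long the certificate remains valid (the same check a renewal job for the Let's Encrypt case raised in post #32 would use). The directory, file names and CN are assumptions.

```shell
#!/bin/sh
# Added example: long-lived self-signed cert pair for a TLS tunnel endpoint.
# File names (tunnel.key/.crt/.pem) and the CN are assumptions for illustration.

# make_tunnel_cert DIR CN DAYS
# Writes DIR/tunnel.key, DIR/tunnel.crt and a combined DIR/tunnel.pem.
make_tunnel_cert() {
    dir=$1; cn=$2; days=$3
    mkdir -p "$dir" || return 1
    # The subshell sets umask 077 so the private key is never
    # group- or world-readable, not even briefly.
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 \
          -days "$days" -subj "/CN=$cn" \
          -keyout "$dir/tunnel.key" -out "$dir/tunnel.crt" 2>/dev/null &&
      cat "$dir/tunnel.crt" "$dir/tunnel.key" > "$dir/tunnel.pem"
    ) || return 1
    chmod 600 "$dir/tunnel.key" "$dir/tunnel.pem"
}

# cert_valid_for_days FILE DAYS
# Exit status 0 if the certificate is still valid DAYS days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# key_matches_cert KEY CRT
# Exit status 0 if the private key belongs to the certificate, which
# catches a key/cert mix-up before the tunnel refuses to start.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null | openssl sha256)
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null | openssl sha256)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Typical use (paths are placeholders):
#   make_tunnel_cert /path/to/certs tunnel.example.invalid 3650
#   cert_valid_for_days /path/to/certs/tunnel.crt 30 || echo "renew soon"
```

A certificate this long-lived has no automatic rotation, so the private key file is the thing to protect: keep it off shared volumes and out of backups that others can read.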

  7. #37
    Senior Member
    Join Date
    Oct 2010
    Posts
    118
    Quote Originally Posted by nickb View Post
    In which case personally I'd just leave that as is, generate new cert pairs just for stunnel which you can set to be 10 years or whatever. So long as you keep these safe of course.
    OK, thank you nickb. I'll go back to the stunnel approach.

  8. #38
    Member
    Join Date
    Nov 2016
    Location
    London, UK
    Posts
    42
    Quote Originally Posted by Freddy View Post
    I've now managed to create the certs for MQTT IOT using the cli.

    Stuck on next step though

    Set up permissions for MQTT
    Go to the AWS IoT section (make sure to select the right region), and you start the setup.

    You'll need an IAM policy to grant MQTT access to the squeeze-alexa Lambda.

    Use the helpful included IAM policy to permission topics - remember to make sure these match your MQTT settings.


    What setup?
    Actually, there's not much setup needed now I think. You might need to set up an AWS IOT "Thing" to represent the server - I did this, but I don't think it was needed in the end.

    Also, I need to create the Lambda squeeze-alexa first before the transporter (since I should grant MQTT access)?

    It might be that this requires that you have very good AWS skills

    Definitely yes for the MQTT transport version (beta!). I'd recommend sticking with the SSL transport unless you need to use the MQTT especially if you're new to AWS stuff.

    If you do decide to try MQTT though - the IOT homepage is here https://console.aws.amazon.com/iot, and you can use mosquitto to test out your MQTT setup before even starting with squeeze alexa.

    Generally it's easier to jump on the Gitter chatroom: https://gitter.im/squeeze-alexa/Lobby especially if there are other people trying this too...

  9. #39
    Member
    Join Date
    Nov 2016
    Location
    London, UK
    Posts
    42

    Successful test with nginx and Docker

    FYI

    I tried and documented a proof-of-concept with Nginx inside Docker to work.

    (EDIT: fixed link)
    Last edited by nickb; 2018-07-28 at 11:39.

  10. #40
    Senior Member
    Join Date
    Oct 2010
    Posts
    118
    I'm happy to say that I've got this up and running now, with _a lot_ of help from Nick. Thank You!

    I ended up using NGINX SSL as my transporter which was for me optimal since I already got NGINX running.
    Only thing was that I couldn't use my Let's Encrypt certs but that's no biggie and it also makes sense since they expire every 180 days.
