[Announce] 'MediaServer' *certified* Alexa skill for LMS

**castalla** · 2019-09-25, 12:32

Failed at first hurdle ....

This page isn’t working
xxxx.serveo.net is currently unable to handle this request.

502 error

**d6jg** · 2019-09-25, 12:36

Originally Posted by mherger

> Serveo has the option to use SSH public key authentication but that
> involves public/private rsa keys which are not a traditional username
> and password and explains why they are to be left blank.

It's my understanding that this is not being used to protect access to
the host, but the connection when using a custom domain of yours.

IMHO ngrok is kind of a cloud based reverse proxy with additional
features, whereas serveo is much simpler, but mostly a port forwarding
service. No added http features besides the https wrapper. But your LMS
would be as exposed to the internet as if you did forward the port on
your router.

--

Michael

Serveo
A portscanner on 9000 wouldn’t find it.
You’d have to guess the unique part of the serveo host name and know that 443 would expose 9000 but yes it must effectively be open.
It’s the simplicity and validity of the SSL cert that makes this attractive if a little risky.

I’ll get myself an SSL cert for my router I think and use it’s in built SSL web proxy

**philchillbill** · 2019-09-25, 12:45

Originally Posted by mherger

> Serveo has the option to use SSH public key authentication but that
> involves public/private rsa keys which are not a traditional username
> and password and explains why they are to be left blank.

It's my understanding that this is not being used to protect access to
the host, but the connection when using a custom domain of yours.

IMHO ngrok is kind of a cloud based reverse proxy with additional
features, whereas serveo is much simpler, but mostly a port forwarding
service. No added http features besides the https wrapper. But your LMS
would be as exposed to the internet as if you did forward the port on
your router.

I agree. Serveo is the least attractive option, but I added it to the list because people have preferences for ways of doing things and it's yet another way. I have found it to be flaky as far as availability in my testing.

If I were using serveo myself, I'd always combine it with apache as an extra layer for auth. That way, serveo would handle the 'front-end' of me not having to open a port, not having to do DDNS, not get a cert. And apache would do the 'back end' of forwarding the serveo tunnel through a basic-auth capable local proxy in my network towards LMS as an extra security layer. Rather involved, but hey there's more than one road that leads to Rome.

In the end, it's only the JSON that's tracing these pathways and not audio-streams, so not a big deal to add a layer.

**philchillbill** · 2019-09-25, 12:53

Originally Posted by d6jg

My router - Draytek Vigor - supports SSL Web Proxy with user/pass.
Https://mypublicipaddress:443 proxies to http://lmsip:9000
Presumably this would also work?

Absolutely. If you already have a public IP address and cert (the hard parts) then however you proxy that to lmsip:9000 is largely irrelevant. Apache is there for people who don't have fancy routers like you

**mherger** · 2019-09-25, 13:29

> Serveo
> A portscanner on 9000 wouldnâ€™t find it.

Correct: as you wouldn't get your own IP address, but only a virtual
host name, a simple IP scanner wouldn't find your LMS. A visitor would
need to know your host name. That's different from (and quite a bit more
secure than) simple port forwarding on the router, where an IP scanner
would find you.

--

Michael

**d6jg** · 2019-09-25, 13:45

I’ve realised my router also supports LetsEncrypt when coupled with DrayDDNS so I have everything I need to securely try this except an Echo Dot!!
I have Prime though so it will be here for Friday!

**slartibartfast** · 2019-09-25, 14:57

I installed ngrok on my Pi but when I try to run the command I get
ngrok: command not found.
What am I doing wrong?

Sent from my SM-G900F using Tapatalk

**slartibartfast** · 2019-09-25, 15:19

Originally Posted by slartibartfast

I installed ngrok on my Pi but when I try to run the command I get
ngrok: command not found.
What am I doing wrong?

Sent from my SM-G900F using Tapatalk

OK the command is
./ngrok

Sent from my SM-G900F using Tapatalk

**slartibartfast** · 2019-09-25, 15:37

I succeeded in getting ngrok to run on my pi and also accessed LMS using the URL generated by ngrok via Firefox on my laptop. When I put the same URL into the skill settings adding port 443 I get "No players discovered due to connectivity error" . I am using
"https://xxxxxxxx.ngrok.io:443"
I must be making a basic error but I can't see what it is.

Sent from my SM-G900F using Tapatalk

**slartibartfast** · 2019-09-25, 15:48

Originally Posted by slartibartfast

I succeeded in getting ngrok to run on my pi and also accessed LMS using the URL generated by ngrok via Firefox on my laptop. When I put the same URL into the skill settings adding port 443 I get "No players discovered due to connectivity error" . I am using
"https://xxxxxxxx.ngrok.io:443"
I must be making a basic error but I can't see what it is.

Sent from my SM-G900F using Tapatalk

Maybe my region is wrong in ngrok. US is reported when I am in the UK. How do In change it and what do I change it to? Thanks in advance. This looks promising.

Sent from my SM-G900F using Tapatalk

Thread: [Announce] 'MediaServer' certified Alexa skill for LMS

Thread Tools

Search Thread

Display