Home of the Squeezebox™ & Transporter® network music players.
Results 1 to 9 of 9
  1. #1
    Senior Member
    Join Date
    Aug 2017
    Posts
    119

    How to setup Username and Password for LMS?

    I connect to LMS via Squeezer (the app).

    Is there a way I can secure my connection by setting LMS to ask for username and password?

    Until now it connects with just the IP and username/password is blank.

  2. #2

  3. #3
    Senior Member philchillbill's Avatar
    Join Date
    Jan 2019
    Location
    The Netherlands
    Posts
    819
    Quote Originally Posted by bvrulez View Post
    Because it’s a http connection with no SSL, the username and password are transmitted in plain text. This will not really protect you. What are you trying to achieve?

  4. #4
    Senior Member
    Join Date
    Aug 2017
    Posts
    119
    Thanks for the hint. I need to open it up to the internet because I need a connection for test purposes. I forward it via another port (not the original one). Not sure how somebody would be able to sniff it. But thanks again I did not think about this.

  5. #5
    Senior Member philchillbill's Avatar
    Join Date
    Jan 2019
    Location
    The Netherlands
    Posts
    819
    Quote Originally Posted by bvrulez View Post
    Thanks for the hint. I need to open it up to the internet because I need a connection for test purposes. I forward it via another port (not the original one). Not sure how somebody would be able to sniff it. But thanks again I did not think about this.
    If you need to access LMS remotely, use something like ngrok which will give you a https url for LMS with encrypted credentials. This is better than always requiring credentials within your LAN and only applies to external connections. You also don’t need to open any ports.

    My Alexa skills use this and it’s very reliable and secure. See the help at https://smartskills.tech/lmslitesetup for a simple explanation.

  6. #6
    Senior Member
    Join Date
    Aug 2017
    Posts
    119
    Thanks a lot! Actually I have nginx running and would just have to setup a second service. Have to look into it. Thanks for kicking my but. It's really better this way!

  7. #7
    Senior Member
    Join Date
    Aug 2017
    Posts
    119
    Quote Originally Posted by philchillbill View Post
    If you need to access LMS remotely, use something like ngrok which will give you a https url for LMS with encrypted credentials.
    Hey philchilllbill, as suspected I run into troubles. That's why I did not set it up yet.

    I have a working NGINX config for my Radicale account. Radicale is an option to have a CalDAV and CardDAV server at home. This setup is special because I use the credentials I put in to log into NGINX also to log into the Radicale account that gets proxied. I copied this mostly from a German site.

    Now I want to add a plain and "simple" NGINX authentication to let me access the LMS which is on the same server but under a different port, of course.

    I have one user in my
    Code:
    .htpasswd
    . I just put a second user and password in with the appropriate command.

    I can log into port 18889 but then i don't get forwarded to LMS but I see a page of NGINX telling me it is running but needs more config.

    Can you maybe spot the issue?

    This is my
    Code:
    /usr/local/nginx/conf/nginx.conf
    :

    Code:
    #user  nobody;
    worker_processes  1;
    error_log  logs/error.log;
    error_log  logs/error.log  notice;
    error_log  logs/error.log  info;
    #pid        logs/nginx.pid;
    events {
        worker_connections  1024;
    }
    http {
        auth_basic "NGINX";
        auth_basic_user_file .htpasswd;
    #  ssl_certificate ssl/server.crt;
        ssl_certificate /etc/letsencrypt/live/bvrulez/fullchain.pem;
    #  ssl_certificate_key ssl/server.key;
        ssl_certificate_key /etc/letsencrypt/live/bvrulez/privkey.pem;
        include       mime.types;
        default_type  application/octet-stream;
        #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
        #                  '$status $body_bytes_sent "$http_referer" '
        #                  '"$http_user_agent" "$http_x_forwarded_for"';
        #access_log  logs/access.log  main;
        sendfile        on; 
        #tcp_nopush     on;
        #keepalive_timeout  0;
        keepalive_timeout  65;
        #gzip  on;
        server {	
    	  server_name MYPERSONALSERVER.COM;
    	  listen 18888 ssl;
          location / {
            proxy_pass        http://localhost:5232/;
            proxy_set_header  X-Script-Name /;
            proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
    	proxy_set_header  X-Remote-User $remote_user;
            proxy_set_header  Host $http_host;
            proxy_pass_header Authorization;
    	auth_basic        "Nginx-Radicale - Password Required";
    		#auth_basic_user_file /etc/nginx/htpasswd;
          }
        }
    	server {
    	  server_name MYPERSONALSERVER.COM;
    	  listen 18889 ssl;
    	  location / {
    		proxy_pass		http://localhost:9000/;
          }
        }
    }

  8. #8
    Senior Member
    Join Date
    Aug 2017
    Posts
    119
    I think I just solved it by adding
    Code:
    auth_basic "NGINX";
    to the second servers config area.

  9. #9
    Senior Member philchillbill's Avatar
    Join Date
    Jan 2019
    Location
    The Netherlands
    Posts
    819
    Sorry, I'm experienced with Apache but never used nginx.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •