Hi, this is basically a post of my config for tvheadend forwarded through nginx.
why? Well, because I like having my to be available through the interwebs, and also know that HTTPAuth is plaintext. I also am of the opinion that SSL support is very out of scope for tvheadend.
So here goes : Generate your ssl stuff. (namely the key file and the certificate file) Self signed certificates are out of scope here.
To generate a CSR and a keyfile :
openssl req -newkey rsa:4096 -subj /CN=<your sever's address here> -nodes -keyout <filename for your private key> -out <filename for the CSR>
I am going to assume that all SSL-related files are in /etc/ssl/nginx/
Another assumption is that tvheadend is running on the same box as the server.
Follows the nginx server section (for the rest of the nginx.conf find other tutorials ;) )
server {
listen 443;
server_name tv.example.com;
ssl_certificate /etc/ssl/nginx/tv.example.com.crt;
ssl_certificate_key /etc/ssl/nginx/tv.example.com.key;
location / {
proxy_pass http://127.0.0.1:9981;
}
}
What doesn't work? Network authentication : As nginx always calls in from 127.0.0.1, authenticating by source IP is no longer possible for the webui.
Pure HTSP forwarding with this setup is untested for one, and two will most likely not work, since HTSP clients don't expect HTTP headers.
Here's to hoping someone finds this useful :)