Adding SSL cert to Roon

Phillip_McMahon · February 4, 2019, 12:35am

I would like to add an SSL cert to the Roon browser view. No real need other than I don’t like non-SSL services if I can avoid it.

Could you let me know where I make the necessary config. My RoonServer is running on a Linux machine. Many thanks in advance.

dylan · February 4, 2019, 9:13pm

Hi @Phillip_McMahon,

Can you clarify what you mean by Roon browser view?

Phillip_McMahon · February 4, 2019, 9:43pm

Fair point. :0)

The screen that can be shown in a browser with the current playing song and lyrics.

Something like this; http://IP:9100/display/

So this is some http server running somewhere, maybe lightpd not sure, and I would like to put my SSL cert on that too. Overkill for sure, but if it can be done I would like to do it :0)

Wouter_du_Toit · February 4, 2019, 11:51pm

Hi @Phillip_McMahon

This is unnecessary, in my opinion, as there is no reason to authenticate or protect the data on the display page.

If you are running ROON on linux, you could firewall port 9100, and install Nginx to reverse proxy to it with TLS, but it is such a chore to maintain TLS certificates I don’t think it is worth it.

TLS is normally deployed based on risk, and since there is none to the end user in this scenario, it wouldn’t make sense for ROON to include the ability to install certificates as part of the ROON interface and complicate the user experience.

Phillip_McMahon · February 5, 2019, 12:02am

Totally aware it offers no risk reduction to what is being presented, as I said before I know this is over kill. I run a wildcard cert in one location and a bunch of services being nginx already so adding 1 more config to this setup should be easy…

I did try with nginx, using a standard setup template, however this did not display content as it would only allow a connection back to a secure web socket, which I don’t think Roon is running. I don’t fancy hacking about in display_ui.js to get this working. Not to worry.

dylan · February 14, 2019, 1:33pm

Hi @Phillip_McMahon,

Thanks for your patience here. I had a chat with the team about this and wanted to follow up with their response:

At this time adding an SSL cert here is not possible and we do not currently have plans to change this.

Phillip_McMahon · February 14, 2019, 2:36pm

Appreciate the response to be honest. On most boards this would never have had an official reply.

No great surprise, and it was more a nice to have if simple to do. :0)

Loving the software. Thanks.