Hi,
I am thinking to get a separate apache2 https "server" which is actually a proxy to the 8001 port on my enigma2 box.
Replacing http to https ( one way ssl ) should not be a biggie and that can achieved ( easily ) with letsencrypt imho.
Eg " https://your.dns.server/blahdieblah " guides you to BBC1 on your enigma2 box, even if you do http it can be redirected to https before it "proxies" to the enigma2 box..
Yet it is needed to add some more security, so " noone " can access unless client has CA and key ( two way ssl ) so client can connect to the "apache server"
imho you should replace your "http"-string ( in /etc/enigma2 ) to the apache server , but keys need to be added.
I remember curl is ( or can be installed ) on the enigma2 box so you can test at least the connection, but after testing it would be nice to get it to work on your enigma2 box directly using the proper string ...
Ideally "remotestream convert" gets an update to load the ca and client key.
Ideally no more VPN is needed and you can do things through https and 2way ssl.
Chaps this is just a thought, perhaps anyone similar experience ?
Cheers!