At the very least perhaps consider sticking something like Cloudflare Access in front of it to limit access to specific users that have been authenticated externally. You’re still hosting a service and exposing direct access to it that probably isn’t battle-hardened for that kind of access given it lacks even basic SSL features. It might be wise to note that SSL isn’t a panacea. If any pre-auth vulnerabilities are discovered with its login screen, API, etc. It’s good you’ve added SSL but it still seems pretty risky to me to allow someone direct access to Blue Iris. I just want to note here that this entire paragraph suggests Blue Iris is a piece of software which should not be exposed to the public internet. Blue Iris has a web interface that was not designed to work with HTTPS, it just runs an insecure web server and it suggests you use software called stunnel which is a huge pain. based (conceptually) on Winamp's AVS plugin), - Iris OpenGL spectrum. Hope this helps. This tutorial involves disabling some of Blue Iris’s security features. You should install the setup package because you will find yourself using its many. If anyone has any better way to do this, please reply so I can fix mine too. You may follow the steps below to add Reolink cameras to Blue Iris. Blue Iris accept 8344 (forwarded this in the router to my static IP of my machine) connect 127.0.0.1:8081 (8081 is my blue iris. router to stunnel, from stunnel to blue iris, but still doesn't work. Save it, and reload configuration in stunnel. However, I am unable to do this remotely. Go back to your ddns account and delete the verification txt records. Finish stunnel setup: open stunnel.pem, delete everything, then copy in the domain-key.txt file contents, then the domain-crt.txt file contents below that. After waiting the 15-30 minutes, and completing verification, download the domain-crt.txt and domain-key.txt files.
For the verification step, use DNS verification, and follow their instructions to add the txt record to your hostname. Then generate the key (save both of these files to make renewals simpler…no way to make this automatic with zerossl, so if someone else uses a different client, like one for Windows, that does auto-renew, please let me know). Follow their steps, entering your domain (e.g. Set up certificate at (one of Let’s Encrypt’s clients) using their online tool. Have your ddns service account at a level that supports making txt records on your hostname (e.g. Right now my nf file only says: Do I just download the cert and change the cert line to direct to the new one, and add the key line? What should the config file look like? (I changed the port numbers above obviously)

EDIT: I figured it out! Here’s the skinny for anyone else wanting to set this up for HTTPS (which works awesome btw, thanks Tony!) If not using certbot, where do I go to set up the cert? Finally, once I figure out the cert, what does the stunnel config look like? The link for adding it isn’t very clear. Can you please elaborate? The letsencrypt site directs you to run the certbot client, but I don’t understand which options to choose (BI runs on Windows, and what type of webserver is it?). Using stunnel with Studio shouldn't be different than using it with. Studio connects to the local port and stunnel forwards the data to Cache after encrypting it. I’m not a programmer, so my idea was just to do a loop with the command inside, but you’ve set it up really well with a lot of error checking, etc., so is there a good place to loop or should I just make it loop everything inside the try() iteration of takeAction()? Or is there a more elegant way? I could make a preferences input on whether the user wants a temp or hold change, and have it run in an if() on that too.
If you're trying to do stunnel on the Studio machine, you would configure it to listen on a local port, then configure Studio to think that is the host and port of the Cache server. It can log out in between or stay logged in, it just needs the effect of being clicked on twice on the web UI. If the command was sent twice it’d make it a “hold” change (so that it’d stay in the profile until something changed it again, instead of just going back to the scheduled profile at the end of the temp period). Question though - it makes a temporary profile change in BI. I changed the password input type to “password” so now it’s at least encrypted within the app and cloud, works great still.