How to setup HTTPS (I guess with stunnel?)

razorseal

Getting the hang of it
Joined
Oct 17, 2014
Messages
149
Reaction score
6
Hey there,

I noticed there something for stunnel in the settings that would allow me to have a https... Not sure how this works, but I guess I need to install and setup something called stunnel.

How can I get this to work, so when I access my web gui remote, I'm logging in via HTTPS?

Is there a guide you can direct me to here or anything?

Thanks!
 

awsum140

Known around here
Joined
Nov 14, 2017
Messages
1,254
Reaction score
1,128
Location
Southern NJ
Look in the video tutorials on this site. Search is your friend, the empty box on the top right of every page.
 

razorseal

Getting the hang of it
Joined
Oct 17, 2014
Messages
149
Reaction score
6
Thanks... Just what I was looking for. Didn't think they'd have a video for that... Is there a way to get the cert signed/validated?
 

awsum140

Known around here
Joined
Nov 14, 2017
Messages
1,254
Reaction score
1,128
Location
Southern NJ
Use the search tool. There's a whole discussion on that somewhere, I just don't remember where. Personally, a VPN is much easier to setup than S tunnel and gets you to the same spot.
 

razorseal

Getting the hang of it
Joined
Oct 17, 2014
Messages
149
Reaction score
6
I've been trying to get this to work, but I keep getting - connection refused (WSAECONNREFUSED) (10061) on the console

bummer... Can't figure out what it is
 

danbutter

Getting the hang of it
Joined
May 28, 2017
Messages
139
Reaction score
47
Try changing the port... I see strange behavior any time my machine is rebooted I must change the port and then of course the pprt forward. Then it works again.
 

taz420nj

Getting the hang of it
Joined
Oct 14, 2018
Messages
67
Reaction score
43
Location
KS
Stunnel is for getting around VPN blocks that use DPI. It encapsulates VPN packets in an SSL wrapper and sends them over TCP port 443 so they are indistinguishable from regular HTTPS traffic. Without stunnel, OVPN traffic sent over TCP 443 (which is a common way of getting VPN traffic through public hotspots that block port 1194) is encrypted, but it can be identified as VPN because it "looks different" from SSL. Unless you are in an oppressive country where VPN use is illegal or you are trying to access from a network that does DPI, don't bother with it. Just use a VPN.
 

Dasstrum

IPCT Contributor
Joined
Nov 4, 2016
Messages
578
Reaction score
736
Location
Florida
Thanks... Just what I was looking for. Didn't think they'd have a video for that... Is there a way to get the cert signed/validated?
Glad the video helped.
You dont need to get the cert signed. Its unnecessary. Are you sure you followed the video and didnt skip or leave out a step?
 

Dasstrum

IPCT Contributor
Joined
Nov 4, 2016
Messages
578
Reaction score
736
Location
Florida
don't bother with it. Just use a VPN.
I personally like using stunnel more. It provides security and I dont need to configure every device to connect to my vpn.
I've done both, once stunnel is setup you can basically forget about it. When I had openvpn setup it was a pita to keep remembering to turn on the vpn when I wanted to look at the cameras.
 

razorseal

Getting the hang of it
Joined
Oct 17, 2014
Messages
149
Reaction score
6
Glad the video helped.
You dont need to get the cert signed. Its unnecessary. Are you sure you followed the video and didnt skip or leave out a step?
Did it exactly like the video. I made sure the [blueiris] was in the right spot too (client or server, I forget now) I restarted the computer to see if that would help, and now the script won't even run. Out of anger I gave up, so I'm little dissapointed.I even uninstalled and reinstalled. I googled that error, and can't really get a solid answer.

getting it signed for just OCD for me, so I didn't have to accept cert if I ever logged in from another computer and I like seeing the green lockbox icon lol.

I don't like VPNs for this purpose because I don't want to log into vpn everytime I want to view cameras.
 

razorseal

Getting the hang of it
Joined
Oct 17, 2014
Messages
149
Reaction score
6
I tried it again today. I did it exactly as video, down to using same ports... I am still getting WSAECONNREFUSED (10061)

I cannot figure out what that error is to fix it... Very unfortunate.
 

Dasstrum

IPCT Contributor
Joined
Nov 4, 2016
Messages
578
Reaction score
736
Location
Florida
Are you getting this error in a browser?
If so which are you using?
 
Last edited:

razorseal

Getting the hang of it
Joined
Oct 17, 2014
Messages
149
Reaction score
6
Are you getting this error in a browser?
If so which are you using?
Nope, I'm getting this on the stunnel config thing. It pops up as soon as I attempt to get on UI3 from chrome. I tried edge, and also same thing with the blue iris app

 

Dasstrum

IPCT Contributor
Joined
Nov 4, 2016
Messages
578
Reaction score
736
Location
Florida
PM me a screenshot of your BI web server settings and your stunnel config file
 

razorseal

Getting the hang of it
Joined
Oct 17, 2014
Messages
149
Reaction score
6
Ok will do...

Another problem I have is when I restart, the gui for stunnel fails.
 

Dasstrum

IPCT Contributor
Joined
Nov 4, 2016
Messages
578
Reaction score
736
Location
Florida
Ok will do...

Another problem I have is when I restart, the gui for stunnel fails.
Same here... I have no idea for a workaround for this. I have found that the service is still running just fine... just the GUI doesnt work. Maybe someone can chime in on this one
 

razorseal

Getting the hang of it
Joined
Oct 17, 2014
Messages
149
Reaction score
6
I noticed this happens when the port is being usedtype netstat -abm I think (Googled last night) and it will show you if your is being used. Mine was weird cuz everything kept using it (Dropbox, svchost, one drive) so I restarted and without waiting, I quickly launched the gui and it seemed to have worked...not sure if it's repeatable though
 

danbutter

Getting the hang of it
Joined
May 28, 2017
Messages
139
Reaction score
47
I can always get to the guiui, but each (and every) time the machine gets rebooted it somehow stops working and I have this error. The only thing I have found that works is what I posted above about changing ports.
I use non standard ports because windows has the IIS webserver that shows up on 443. I disabled it, but it came back after updates so I just moved on to other ports. These ports are only on your internal network so it's not a problem.
 

jmhmcse

Pulling my weight
Joined
Dec 30, 2018
Messages
211
Reaction score
129
Location
usa
check out the stunnel thread.... appears there are some 'bugs' with specific versions of BI and STUNNEL. Some are fixed in newer releases, others have a work-around provided.
 
Top