Possible to secure the BI web server?

HelloAgain

Young grasshopper

Joined

Jan 26, 2019

Messages

30

Reaction score

21

Location

USA

Feb 19, 2019

• #1

By chance, is it possible to secure the BI web server? I'm using STunnel encapsulate its web traffic via HTTPS and have it setup well enough to get an A+ rating via Qualys SSLLabs, however I want to do more.

I'd like to do a few more things such as adding some security headers, removing where the server notifies the world as to the server and version I'm running (IE: BlueServer/4.8.5.0), etc.

 

bp2008

Staff member

IPCT+ Member

Joined

Mar 10, 2014

Messages

12,676

Reaction score

14,023

Location

USA

Feb 19, 2019

• #2

nginx can be a powerful reverse-proxy server and should be able to remove headers and add an additional layer of http authentication if you want.

The most secure way to go is to use your router's VPN server (if available) and not forward a port to Blue Iris at all. Then you could even turn off authentication for BI if you wanted.

 

tangent

IPCT Contributor

Joined

May 12, 2016

Messages

4,422

Reaction score

3,656

Feb 20, 2019

• #3

didn't @nayr run an nginx reverse proxy with certificate authentication?

 

HelloAgain

Young grasshopper

Joined

Jan 26, 2019

Messages

30

Reaction score

21

Location

USA

Feb 21, 2019

• #4

So, I disabled STunnel and setup nginx. Overall, it was pretty easy to setup, however I can't figure out one thing. Has anyone been able to get TLSv1.3 to work with the Windows version of nginx?

It's looking like the openssl version embedded within nginx is out of date and I can't figure out how to update it. This isn't critical; it's more me just trying to be thorough.

 

Martin Paul Sr

Young grasshopper

Joined

Jun 6, 2018

Messages

65

Reaction score

23

Location

San Jose

Feb 21, 2019

• #5

Would you be able to use the mobile app if the server is in a VPN?

 

tangent

IPCT Contributor

Joined

May 12, 2016

Messages

4,422

Reaction score

3,656

Feb 21, 2019

• #6

Martin Paul Sr said:

Would you be able to use the mobile app if the server is in a VPN?

Click to expand...

You have to connect to the VPN first, then yes.

 

Martin Paul Sr

Young grasshopper

Joined

Jun 6, 2018

Messages

65

Reaction score

23

Location

San Jose

Feb 21, 2019

• #7

Which I guess means installing a VPN client for Android or IOS that's made to play with whatever VPN you're using one the server?

 

tangent

IPCT Contributor

Joined

May 12, 2016

Messages

4,422

Reaction score

3,656

Feb 21, 2019

• #8

Martin Paul Sr said:

Which I guess means installing a VPN client for Android or IOS that's made to play with whatever VPN you're using one the server?

Click to expand...

That depends on the VPN server, iOS and Android both have built in VPN clients.

 

Martin Paul Sr

Young grasshopper

Joined

Jun 6, 2018

Messages

65

Reaction score

23

Location

San Jose

Feb 21, 2019

• #9

How about that, learn something new every day. Thank you.