Accessing BlueIris via HTTPS

Overcon

Getting the hang of it
Joined
Aug 6, 2014
Messages
196
Reaction score
31
Hi,

I just got BlueIris setup a while ago and I got it open through my Firewall to access it from around the world. The issue I am having is if there is a way to setup blueIris to only allow HTTPS connections to it's Web Server? Right now it is just normal old HTTP and packets can be captured and you can read the username and password (so I read here), but I don't see a means of enabling HTTPS except to talk to the cameras, which is not what I need (I use it when available, but I want to login to BlueIris via HTTPS).

Does anyone know how to set this up? Can it be done?

Thanks!
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
Welcome to the forum. From the BI help file..
"How to use HTTPS (SSL) with the Blue Iris web server
When you have selected Secure Only on the Options/Webserver page, you are presented with a Blue Iris login page instead of the browser's own username/password form. When this login page is used, your user name and password are NOT sent to the Blue Iris web server. A secure hash (encryption) is created from a combination of these credentials and a unique session key.While your authentication is securely protected by this mechanism, some users will want to know that the actual video itself is encrypted. This is only possible with the use of an add-on SSL (Secure Socket Layer) technology.We have recently discovered stunnel (www.stunnel.org) which you may install as a service onto your PC. Instead of configuring your router to forward traffic to Blue Iris, you would configure that traffic to go to stunnel, and then configure stunnel to then forward the traffic to the Blue Iris web server. For example, external port 443 (the standard HTTPS port) forwards to stunnel port 443, and stunnel forwards to Blue Iris on the same PC on port 80 or 81.
 

Overcon

Getting the hang of it
Joined
Aug 6, 2014
Messages
196
Reaction score
31
Welcome to the forum. From the BI help file..
"How to use HTTPS (SSL) with the Blue Iris web server
When you have selected Secure Only on the Options/Webserver page, you are presented with a Blue Iris login page instead of the browser's own username/password form. When this login page is used, your user name and password are NOT sent to the Blue Iris web server. A secure hash (encryption) is created from a combination of these credentials and a unique session key.While your authentication is securely protected by this mechanism, some users will want to know that the actual video itself is encrypted. This is only possible with the use of an add-on SSL (Secure Socket Layer) technology.We have recently discovered stunnel (www.stunnel.org) which you may install as a service onto your PC. Instead of configuring your router to forward traffic to Blue Iris, you would configure that traffic to go to stunnel, and then configure stunnel to then forward the traffic to the Blue Iris web server. For example, external port 443 (the standard HTTPS port) forwards to stunnel port 443, and stunnel forwards to Blue Iris on the same PC on port 80 or 81.
Thanks, that's perfect and releases a lot of worry I had opening it up to the world.
 

ipcamdude22

Getting the hang of it
Joined
Dec 10, 2015
Messages
125
Reaction score
4
I know I'm bumping an old thread, but I wanted to link to this thread regarding Stunnel and running Blue Iris via https - http://www.ipcamtalk.com/showthread.php/2131-stunnel
Hello, new to the forum but it looks like a great resource. I have been experimenting with ipcams and have downloaded the blue iris trial version, I have used other programs and have been able to access remotely via their server port forwarding etc.

I like blue iris and feel that it will meet my needs for a small home security system 4-5 cameras. I have a couple questions for you gurus:
1. As most people are, I am concerned with privacy etc. I know that blue iris offers https through stunnel, does this work well? I would be using it on a home computer that serves many purposes not just a server, and I want to make sure it won't open my computer to any security issues.

2. Is a vpn a better option? I have not seen any information on how to set up an on-line service vpn like tunnelbear etc. with blue iris, has anyone done this? If so, how does that work, i.e. do you set up the vpn from your computer to the on-line vpn and then to blue iris, or ??
Please let me know as I want my home computer to be secure as well as when I remotely view the cameras.
Thank you in advance!
 
  • Like
Reactions: DSE

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
@ipcamdude22 Welcome to the forum. The blue iris connection is secure even without the use of https however the video itself will not be encrypted unless https is used.
VPN is the most secure method. Tunnelbear is not the type of vpn your want. Those services are designed to let you browse anonymously. What you are looking for is a service that will allow you to remotely connect to your lan. Once setup, your phone will act as though its on your local network. You will only need the blue iris local ip address to connect. Many routers have this function. You can also use something like logmein's hamachi vpn.
 

ipcamdude22

Getting the hang of it
Joined
Dec 10, 2015
Messages
125
Reaction score
4
@ipcamdude22Welcome to the forum. The blue iris connection is secure even without the use of https however the video itself will not be encrypted unless https is used.
VPN is the most secure method. Tunnelbear is not the type of vpn your want. Those services are designed to let you browse anonymously. What you are looking for is a service that will allow you to remotely connect to your lan. Once setup, your phone will act as though its on your local network. You will only need the blue iris local ip address to connect. Many routers have this function. You can also use something like logmein's hamachi vpn.
Thank you for the quick reply and welcome fenderman. I have a netgear wndr3700v4 and it does not support VPN to my knowledge. I know I can set one up on windows with PPTP. I would be accessing it remotely from time to time on my phone and tablet, any suggestions? How is the setup with hamachi, any cost to that one?
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
Thank you for the quick reply and welcome fenderman. I have a netgear wndr3700v4 and it does not support VPN to my knowledge. I know I can set one up on windows with PPTP. I would be accessing it remotely from time to time on my phone and tablet, any suggestions? How is the setup with hamachi, any cost to that one?
I believe hamachi has a 29 dollar yearly cost. Asus routers have vpn built in.
 

ipcamdude22

Getting the hang of it
Joined
Dec 10, 2015
Messages
125
Reaction score
4
Do you need a router that supports VPN or will hamachi work without it?
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
I would also suggest that you buy a dedicated pc to run blue iris. VMS software should not be run on a pc dedicated to other tasks.
 

ipcamdude22

Getting the hang of it
Joined
Dec 10, 2015
Messages
125
Reaction score
4
I would also suggest that you buy a dedicated pc to run blue iris. VMS software should not be run on a pc dedicated to other tasks.
Ok I downloaded the manual and it looks there is afree service for up to five, also would. Laptop work to run bi?
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
Ok I downloaded the manual and it looks there is afree service for up to five, also would. Laptop work to run bi?
it depends on the laptop and the total number of cameras and the resolution you will run them. For most installs, a 300 dollar i5-haswell is sufficient (dell optiplex, hp elitedesk, see threads on those).
 

wcrowder

Getting the hang of it
Joined
Oct 8, 2015
Messages
294
Reaction score
53
Location
French Lick, Indiana 47432
Hello, new to the forum but it looks like a great resource. I have been experimenting with ipcams and have downloaded the blue iris trial version, I have used other programs and have been able to access remotely via their server port forwarding etc.

I like blue iris and feel that it will meet my needs for a small home security system 4-5 cameras. I have a couple questions for you gurus:
1. As most people are, I am concerned with privacy etc. I know that blue iris offers https through stunnel, does this work well? I would be using it on a home computer that serves many purposes not just a server, and I want to make sure it won't open my computer to any security issues.

2. Is a vpn a better option? I have not seen any information on how to set up an on-line service vpn like tunnelbear etc. with blue iris, has anyone done this? If so, how does that work, i.e. do you set up the vpn from your computer to the on-line vpn and then to blue iris, or ??
Please let me know as I want my home computer to be secure as well as when I remotely view the cameras.
Thank you in advance!
I don't think there is an answer to you questions.
1. Your using a consumer router/access point, easily "hacked/back door
2. VPN's are the best option, but not necessary. Look into pfSense...
3. Home Surveillance works best when it is public. IE. Post stickers on windows, a nice signs outside.

http://pfsense.org/
 

ipcamdude22

Getting the hang of it
Joined
Dec 10, 2015
Messages
125
Reaction score
4
I don't think there is an answer to you questions.
1. Your using a consumer router/access point, easily "hacked/back door
2. VPN's are the best option, but not necessary. Look into pfSense...
3. Home Surveillance works best when it is public. IE. Post stickers on windows, a nice signs outside.

http://pfsense.org/
So if you are using the "secure only" and stunnel, do you think it is necessary to have a router that supports vpn as well or is that really not necessary?
Thanks
 

Ion Barker

Young grasshopper
Joined
Dec 31, 2015
Messages
64
Reaction score
18
@ipcamdude22Welcome to the forum. The blue iris connection is secure even without the use of https however the video itself will not be encrypted unless https is used.
VPN is the most secure method. Tunnelbear is not the type of vpn your want. Those services are designed to let you browse anonymously. What you are looking for is a service that will allow you to remotely connect to your lan. Once setup, your phone will act as though its on your local network. You will only need the blue iris local ip address to connect. Many routers have this function. You can also use something like logmein's hamachi vpn.
If you had to your choice, which route would you go? What do you consider the ranking of these four options?

1. logmein hamachi
2. stunnel
3. router VPN
4. secure only MD5 hash

Thanks!
 
Top