How to setup HTTPS (I guess with stunnel?)

Discussion in 'Blue Iris' started by razorseal, Jan 11, 2019.

Share This Page

  1. razorseal

    razorseal Getting the hang of it

    Joined:
    Oct 17, 2014
    Messages:
    149
    Likes Received:
    6
    Hey there,

    I noticed there something for stunnel in the settings that would allow me to have a https... Not sure how this works, but I guess I need to install and setup something called stunnel.

    How can I get this to work, so when I access my web gui remote, I'm logging in via HTTPS?

    Is there a guide you can direct me to here or anything?

    Thanks!
     
  2. awsum140

    awsum140 Known around here

    Joined:
    Nov 14, 2017
    Messages:
    1,283
    Likes Received:
    1,117
    Location:
    Southern NJ
    Look in the video tutorials on this site. Search is your friend, the empty box on the top right of every page.
     
    Schmanski likes this.
  3. razorseal

    razorseal Getting the hang of it

    Joined:
    Oct 17, 2014
    Messages:
    149
    Likes Received:
    6
    Thanks... Just what I was looking for. Didn't think they'd have a video for that... Is there a way to get the cert signed/validated?
     
  4. awsum140

    awsum140 Known around here

    Joined:
    Nov 14, 2017
    Messages:
    1,283
    Likes Received:
    1,117
    Location:
    Southern NJ
    Use the search tool. There's a whole discussion on that somewhere, I just don't remember where. Personally, a VPN is much easier to setup than S tunnel and gets you to the same spot.
     
  5. razorseal

    razorseal Getting the hang of it

    Joined:
    Oct 17, 2014
    Messages:
    149
    Likes Received:
    6
    I've been trying to get this to work, but I keep getting - connection refused (WSAECONNREFUSED) (10061) on the console

    bummer... Can't figure out what it is
     
  6. danbutter

    danbutter Getting the hang of it

    Joined:
    May 28, 2017
    Messages:
    118
    Likes Received:
    32
    Try changing the port... I see strange behavior any time my machine is rebooted I must change the port and then of course the pprt forward. Then it works again.
     
  7. taz420nj

    taz420nj Getting the hang of it

    Joined:
    Oct 14, 2018
    Messages:
    59
    Likes Received:
    40
    Location:
    KS
    Stunnel is for getting around VPN blocks that use DPI. It encapsulates VPN packets in an SSL wrapper and sends them over TCP port 443 so they are indistinguishable from regular HTTPS traffic. Without stunnel, OVPN traffic sent over TCP 443 (which is a common way of getting VPN traffic through public hotspots that block port 1194) is encrypted, but it can be identified as VPN because it "looks different" from SSL. Unless you are in an oppressive country where VPN use is illegal or you are trying to access from a network that does DPI, don't bother with it. Just use a VPN.
     
    awsum140 likes this.
  8. Dasstrum

    Dasstrum IPCT Contributor

    Joined:
    Nov 4, 2016
    Messages:
    578
    Likes Received:
    702
    Location:
    Florida
    Glad the video helped.
    You dont need to get the cert signed. Its unnecessary. Are you sure you followed the video and didnt skip or leave out a step?
     
  9. Dasstrum

    Dasstrum IPCT Contributor

    Joined:
    Nov 4, 2016
    Messages:
    578
    Likes Received:
    702
    Location:
    Florida
    I personally like using stunnel more. It provides security and I dont need to configure every device to connect to my vpn.
    I've done both, once stunnel is setup you can basically forget about it. When I had openvpn setup it was a pita to keep remembering to turn on the vpn when I wanted to look at the cameras.
     
    awsum140 likes this.
  10. razorseal

    razorseal Getting the hang of it

    Joined:
    Oct 17, 2014
    Messages:
    149
    Likes Received:
    6
    Did it exactly like the video. I made sure the [ blueiris] was in the right spot too (client or server, I forget now) I restarted the computer to see if that would help, and now the script won't even run. Out of anger I gave up, so I'm little dissapointed.I even uninstalled and reinstalled. I googled that error, and can't really get a solid answer.

    getting it signed for just OCD for me, so I didn't have to accept cert if I ever logged in from another computer and I like seeing the green lockbox icon lol.

    I don't like VPNs for this purpose because I don't want to log into vpn everytime I want to view cameras.
     
  11. razorseal

    razorseal Getting the hang of it

    Joined:
    Oct 17, 2014
    Messages:
    149
    Likes Received:
    6
    I tried it again today. I did it exactly as video, down to using same ports... I am still getting WSAECONNREFUSED (10061)

    I cannot figure out what that error is to fix it... Very unfortunate.
     
  12. Dasstrum

    Dasstrum IPCT Contributor

    Joined:
    Nov 4, 2016
    Messages:
    578
    Likes Received:
    702
    Location:
    Florida
    Are you getting this error in a browser?
    If so which are you using?
     
    Last edited: Jan 14, 2019
  13. razorseal

    razorseal Getting the hang of it

    Joined:
    Oct 17, 2014
    Messages:
    149
    Likes Received:
    6
    Nope, I'm getting this on the stunnel config thing. It pops up as soon as I attempt to get on UI3 from chrome. I tried edge, and also same thing with the blue iris app

    [​IMG]
     
  14. Dasstrum

    Dasstrum IPCT Contributor

    Joined:
    Nov 4, 2016
    Messages:
    578
    Likes Received:
    702
    Location:
    Florida
    PM me a screenshot of your BI web server settings and your stunnel config file
     
  15. razorseal

    razorseal Getting the hang of it

    Joined:
    Oct 17, 2014
    Messages:
    149
    Likes Received:
    6
    Ok will do...

    Another problem I have is when I restart, the gui for stunnel fails.
     
  16. razorseal

    razorseal Getting the hang of it

    Joined:
    Oct 17, 2014
    Messages:
    149
    Likes Received:
    6
  17. Dasstrum

    Dasstrum IPCT Contributor

    Joined:
    Nov 4, 2016
    Messages:
    578
    Likes Received:
    702
    Location:
    Florida
    Same here... I have no idea for a workaround for this. I have found that the service is still running just fine... just the GUI doesnt work. Maybe someone can chime in on this one
     
  18. razorseal

    razorseal Getting the hang of it

    Joined:
    Oct 17, 2014
    Messages:
    149
    Likes Received:
    6
    I noticed this happens when the port is being usedtype netstat -abm I think (Googled last night) and it will show you if your is being used. Mine was weird cuz everything kept using it (Dropbox, svchost, one drive) so I restarted and without waiting, I quickly launched the gui and it seemed to have worked...not sure if it's repeatable though
     
  19. danbutter

    danbutter Getting the hang of it

    Joined:
    May 28, 2017
    Messages:
    118
    Likes Received:
    32
    I can always get to the guiui, but each (and every) time the machine gets rebooted it somehow stops working and I have this error. The only thing I have found that works is what I posted above about changing ports.
    I use non standard ports because windows has the IIS webserver that shows up on 443. I disabled it, but it came back after updates so I just moved on to other ports. These ports are only on your internal network so it's not a problem.
     
  20. jmhmcse

    jmhmcse n3wb

    Joined:
    Dec 30, 2018
    Messages:
    19
    Likes Received:
    1
    Location:
    usa
    check out the stunnel thread.... appears there are some 'bugs' with specific versions of BI and STUNNEL. Some are fixed in newer releases, others have a work-around provided.