How to setup HTTPS (I guess with stunnel?)

R

razorseal

Getting the hang of it
Oct 17, 2014
149
6
Hey there,

I noticed there something for stunnel in the settings that would allow me to have a https... Not sure how this works, but I guess I need to install and setup something called stunnel.

How can I get this to work, so when I access my web gui remote, I'm logging in via HTTPS?

Is there a guide you can direct me to here or anything?

Thanks!
 
Look in the video tutorials on this site. Search is your friend, the empty box on the top right of every page.
 
  • Like
Reactions: Schmanski
Thanks... Just what I was looking for. Didn't think they'd have a video for that... Is there a way to get the cert signed/validated?
 
Use the search tool. There's a whole discussion on that somewhere, I just don't remember where. Personally, a VPN is much easier to setup than S tunnel and gets you to the same spot.
 
I've been trying to get this to work, but I keep getting - connection refused (WSAECONNREFUSED) (10061) on the console

bummer... Can't figure out what it is
 
Try changing the port... I see strange behavior any time my machine is rebooted I must change the port and then of course the pprt forward. Then it works again.
 
Stunnel is for getting around VPN blocks that use DPI. It encapsulates VPN packets in an SSL wrapper and sends them over TCP port 443 so they are indistinguishable from regular HTTPS traffic. Without stunnel, OVPN traffic sent over TCP 443 (which is a common way of getting VPN traffic through public hotspots that block port 1194) is encrypted, but it can be identified as VPN because it "looks different" from SSL. Unless you are in an oppressive country where VPN use is illegal or you are trying to access from a network that does DPI, don't bother with it. Just use a VPN.
 
  • Like
Reactions: awsum140
razorseal said:
Thanks... Just what I was looking for. Didn't think they'd have a video for that... Is there a way to get the cert signed/validated?
Click to expand...
Glad the video helped.
You dont need to get the cert signed. Its unnecessary. Are you sure you followed the video and didnt skip or leave out a step?
 
taz420nj said:
don't bother with it. Just use a VPN.
Click to expand...

I personally like using stunnel more. It provides security and I dont need to configure every device to connect to my vpn.
I've done both, once stunnel is setup you can basically forget about it. When I had openvpn setup it was a pita to keep remembering to turn on the vpn when I wanted to look at the cameras.
 
  • Like
Reactions: awsum140
Dasstrum said:
Glad the video helped.
You dont need to get the cert signed. Its unnecessary. Are you sure you followed the video and didnt skip or leave out a step?
Click to expand...

Did it exactly like the video. I made sure the [blueiris] was in the right spot too (client or server, I forget now) I restarted the computer to see if that would help, and now the script won't even run. Out of anger I gave up, so I'm little dissapointed.I even uninstalled and reinstalled. I googled that error, and can't really get a solid answer.

getting it signed for just OCD for me, so I didn't have to accept cert if I ever logged in from another computer and I like seeing the green lockbox icon lol.

I don't like VPNs for this purpose because I don't want to log into vpn everytime I want to view cameras.
 
I tried it again today. I did it exactly as video, down to using same ports... I am still getting WSAECONNREFUSED (10061)

I cannot figure out what that error is to fix it... Very unfortunate.
 
Dasstrum said:
Are you getting this error in a browser?
If so which are you using?
Click to expand...

Nope, I'm getting this on the stunnel config thing. It pops up as soon as I attempt to get on UI3 from chrome. I tried edge, and also same thing with the blue iris app

stunnel.png
 
I noticed this happens when the port is being usedtype netstat -abm I think (Googled last night) and it will show you if your is being used. Mine was weird cuz everything kept using it (Dropbox, svchost, one drive) so I restarted and without waiting, I quickly launched the gui and it seemed to have worked...not sure if it's repeatable though
 
I can always get to the guiui, but each (and every) time the machine gets rebooted it somehow stops working and I have this error. The only thing I have found that works is what I posted above about changing ports.
I use non standard ports because windows has the IIS webserver that shows up on 443. I disabled it, but it came back after updates so I just moved on to other ports. These ports are only on your internal network so it's not a problem.
 
check out the stunnel thread.... appears there are some 'bugs' with specific versions of BI and STUNNEL. Some are fixed in newer releases, others have a work-around provided.
 
You must log in or register to reply here.
Top Bottom