Networking /Android app / making push notifications work

veert

Young grasshopper
Joined
Jul 27, 2018
Messages
49
Reaction score
2
Location
Switzerland
Hello everyone.

Let's say, I'm running a paranoid setup which only allows for web access to my Blue Iris installation. In other words, I can use the web interface, but that's it - the machine is not accessible from the outside otherwise, nor do I want it to be, VPN or no VPN.

Now, I'm thinking of buying the Android app, and the question becomes - is the above setup sufficient for the app to work right out of the box, or I'll have to relax the restrictions? In other words, does the app access a Blue Iris installation in exactly the same way a browser does (go), or it absolutely needs to be able to know the Blue Iris machine's IP address etc (no go)?

Thanks.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
Hello everyone.

Let's say, I'm running a paranoid setup which only allows for web access to my Blue Iris installation. In other words, I can use the web interface, but that's it - the machine is not accessible from the outside otherwise, nor do I want it to be, VPN or no VPN.

Now, I'm thinking of buying the Android app, and the question becomes - is the above setup sufficient for the app to work right out of the box, or I'll have to relax the restrictions? In other words, does the app access a Blue Iris installation in exactly the same way a browser does (go), or it absolutely needs to be able to know the Blue Iris machine's IP address etc (no go)?

Thanks.
The browser needs to know the blue iris machine ip as well how else would you access the video stored on the machine?
 

veert

Young grasshopper
Joined
Jul 27, 2018
Messages
49
Reaction score
2
Location
Switzerland
In a way. Because the browser may only be given the Blue Iris installation's IP / port number - there is a slight difference, which is central to my question.
 

veert

Young grasshopper
Joined
Jul 27, 2018
Messages
49
Reaction score
2
Location
Switzerland
There is, in the sense that there's not much you can do with that specific PC even if I give you the web interface address. You can access Blue Iris given the login details, but that's it.
My question is - is that enough for the app to work, or it needs exactly what you are talking about - general access to the PC.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
There is, in the sense that there's not much you can do with that specific PC even if I give you the web interface address. You can access Blue Iris given the login details, but that's it.
My question is - is that enough for the app to work, or it needs exactly what you are talking about - general access to the PC.
Once again you are confused. I as I explained earlier, the app and the browser work the same way. You need to input both the ip address and the port. The web interface ip address IS THE IP ADDRESS of the blue iris machine. You are further incorrect in assuming that "there is not much you can do" with access to the webserver. An exploit in the webserver can provide access to the entire pc.
 

Martin Paul Sr

Young grasshopper
Joined
Jun 6, 2018
Messages
65
Reaction score
23
Location
San Jose
I don't know if this makes it more secure, but the only outside access to my network is port 443, which my router forwards to my PC port 443, which is an encrypted server proxy (Stunnel).
Stunnel then forwards the connection to the Blue Iris server port on the same PC.
Details on how to do that with a real https domain can be found in part 1 of a post about how I got the Android app to work on Chromecast, (Chromecast working...!)
If you set this up, your just need to use https and your domain name to reach the server with UI3 web interface and the Android app.
You could do it without a domain name or signed certificate and still reach your server with TLS (OpenSSL) encryption, the only difference is your web browser will warn you, and you won't be able to use Chromecast from the Android app.
 

veert

Young grasshopper
Joined
Jul 27, 2018
Messages
49
Reaction score
2
Location
Switzerland
I
If you set this up, your just need to use https and your domain name to reach the server with UI3 web interface and the Android app.
You could do it without a domain name or signed certificate and still reach your server with TLS (OpenSSL) encryption, the only difference is your web browser will warn you, and you won't be able to use Chromecast from the Android app.
So, the app does use the same access route as the browser, at least with port 443 open. Thanks.
 

veert

Young grasshopper
Joined
Jul 27, 2018
Messages
49
Reaction score
2
Location
Switzerland
as I explained earlier, the app and the browser work the same way. You need to input both the ip address and the port.
The question is whether it's exactly the same port. Which port? Can it be changed? Without that distinction, " the same way" is way too broad.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
The question is whether it's exactly the same port. Which port? Can it be changed? Without that distinction, " the same way" is way too broad.
Really too broad? Same! How much more narrow can it get?
Can it be changed? It is as if you have not bothered to look at the webserver tab
 
Last edited:

Martin Paul Sr

Young grasshopper
Joined
Jun 6, 2018
Messages
65
Reaction score
23
Location
San Jose
So, the app does use the same access route as the browser, at least with port 443 open. Thanks.
Yes, that's correct. The app and the browser connect to your Blue Iris server through the same address and port.
You do need to have some port open if your want to use either the app or the browser from outside your LAN.
 

veert

Young grasshopper
Joined
Jul 27, 2018
Messages
49
Reaction score
2
Location
Switzerland
Yes, that's correct. The app and the browser connect to your Blue Iris server through the same address and port.
Awesome, just what I needed to know. That means, I won't have to mess around with my setup anymore.

You do need to have some port open if your want to use either the app or the browser from outside your LAN.
Sure, and I do have one open.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
Awesome, just what I needed to know. That means, I won't have to mess around with my setup anymore.


Sure, and I do have one open.
went from a "paranoid" setup where vpn is not secure enough to an open port :rolleyes:
rereading your post again, I can see that you are more clueless than initially assumed. You are under the false impression that opening a single port to the webserver is more secure than vpn. You could not be more wrong.
 
Top