TinyCam + BI over HTTPS (Apache)

T

TnGoat

n3wb
Jun 25, 2018
11
1
USA
I'm using Apache2 with mod_proxy to provide HTTPS access to Blue Iris (and a bunch of other things). It works great via a browser but TinyCam seems to be unable to get the video stream. If I disable my HTTP>HTTPS redirect and just connect over HTTP TinyCam works but I don't want to be doing plain-text connections over the internet.

Code: 
<VirtualHost *:80>
    ServerAdmin admin@example.com
    ServerName blueiris.home.example.com

    #Redirect permanent / https://blueiris.home.example.com/
    ProxyPreserveHost On
    ProxyPass / http://winvm:81/
    ProxyPassReverse / http://winvm:81/
</VirtualHost>

<VirtualHost *:443>
    ServerName blueiris.home.example.com

    ProxyPreserveHost On
    ProxyPass / http://winvm:81/
    ProxyPassReverse / http://winvm:81/

    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/home.example.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/home.example.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/home.example.com/chain.pem

    # HSTS (mod_headers is required) (15768000 seconds = 6 months)
    Header always set Strict-Transport-Security "max-age=15768000"
</VirtualHost>

Note that I've verified TinyCam does send the right SNI header and even disabling SNI with blueiris.home.example.com being the only active SSL host it still fails. I realize this is probably more of a TinyCam issue but thought I'd ask if anyone had similar experience.
 
Looks like it is probably a bug in TinyCam

All the login/setup requests look like:
Code: 
GET /jpegpull.htm HTTP/1.1
Cookie: session=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; expires=Fri, 31 Dec 9999 23:59:59 GMT; domain=blueiris.home.example.com; path=/
Host: blueiris.home.example.com
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/3.10.0

The request to get the actual video stream looks like:
Code: 
GET /video/garage-cam/2.0?audio=0&stream=0&extend=2 HTTP/1.0
User-Agent: Android/9 (Pixel XL) com.alexvas.dvr.pro
Cookie: session=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

So whatever library TinyCam uses to make the HTTP request for the video stream isn't setting a Host header. Guess I'll have to see if I can do some Apache config magic to compensate.
 
Looks like the key bit from the logs is:

Code: 
[Sat Jun 30 20:14:44.894191 2018] [ssl:error] [pid 9893:tid 140566922766080] AH02031: Hostname blueiris.home.example.com provided via SNI, but no hostname provided in HTTP request

I emailed TinyCam to ask if they can fix their client to set a Host header when requesting the video stream.
 
Alexey did an awesome job and already provided a fix! I'd guess the next actual release of the app will include the patch.
 
You must log in or register to reply here.
Top Bottom