Menu
What's new

WebProxy: GUI-based alternative to stunnel

bp2008

bp2008

Staff member
IPCT+ Member
Joined
Mar 10, 2014
Messages
12,680
Reaction score
14,038
Location
USA
Hello everyone.

The world has no shortage of ways to do HTTPS reverse proxying to add https:// capability to web applications (like Blue Iris) that lack good support natively: stunnel, nginx, apache, traefik, haproxy, Cloudflare DNS proxy, and many more. Most of these do not have a user interface, so you are required to read lots of documentation and write configuration files by hand, and that has always frustrated me. These programs should be easier to use.

So I built my own HTTPS reverse proxy application with a web-based administration console. I can't take away the need for familiarity with basic networking concepts (IP addresses, port numbers, URLs, etc), but I can certainly build an application where you don't need to dig into a configuration file to make it work.

WebProxy is its name.

Here, I will explain how WebProxy can be used to set up an HTTPS endpoint for Blue Iris.

Get the service running:

1. Download the latest Windows release from here and extract it somewhere on your Blue Iris server.
2. Run WebProxy.exe, press Install Service, then press Start Service. Allow firewall access if prompted.
3. Click the "Admin Console" button, then click the localhost:8080 link to open the admin console website.
4. Log in using the credentials from the Admin Console Login Credentials dialog.
5. There is a question mark button in the upper right of the Admin Console which toggles inline help text to help you learn WebProxy's configuration. Click it so it turns green.

Tell WebProxy what ports you want it to listen on:

6. On the Entrypoints tab on the left, add a new Entrypoint and name it Standard Entrypoint.
7. Check the HTTPS Port checkbox, and if you prefer, customize the port number.

Tell WebProxy about Blue Iris's web server:

8. On the Exitpoints tab, add a new Exitpoint and name it Blue Iris.
9. Choose Exitpoint Type: WebProxy
10. Type a star * in the Host Binding field to make it listen to all hosts. If you have a domain name already routed to the Blue Iris computer, you can enter that name here instead.
11. Type http://127.0.0.1:81 in the Destination Origin field, changing port number 81 to whatever port your Blue Iris web server listens on.

Create a route between your new Entrypoint and Exitpoint:

12. On the Routes tab, add a new Route.
13. Choose Standard Entrypoint in the first dropdown box and choose Blue Iris in the second dropdown box.

Save

14. Click the red Save Changes button in the top bar of the Admin Console, and your changes will be applied immediately.

The Dashboard tab shows your new proxy route in the Hosted URL Summary.

To see it work, try loading or use whatever domain name and port number you configured.

If you have any trouble, check the Log tab to make sure the ports got bound correctly and no other errors have occurred.
 
Last edited:
bp2008

bp2008

Staff member
IPCT+ Member
Joined
Mar 10, 2014
Messages
12,680
Reaction score
14,038
Location
USA
Advanced Setup

When learning WebProxy, is recommended to enable help text by clicking the question mark button in the upper right of the Admin Console. Click it so it turns green and help text will appear throughout most of the interface.

Automatic SSL Certificate

WebProxy supports getting and renewing an SSL certificate automatically via LetsEncrypt, but some things need to be configured a certain way first:

1. On the Settings tab, put your email address in the LetsEncrypt Account Email field.
2. Make sure your WebProxy server is reachable via the internet on port 80 or 443 (or both).
3. Configure an Exitpoint to listen on one or more domain names via the Host Binding field. The star * character should not be used.
4. Check the Automatic Certificate from LetsEncrypt box on the Exitpoint.
5. The Exitpoint where you enabled automatic certificate management needs to be reachable via port 80 or 443 (see the Routes tab).

The certificate will be obtained automatically the next time you access this exitpoint via an HTTPS URL. If you already have a different certificate loaded, you can use the Force Renew Certificate button to have WebProxy attempt to get a new one.

Check the Log tab to see detailed logs of certificate creation/renewal.

Those who use Cloudflare DNS may optionally enter a Cloudflare API Token into the Settings tab and then enable Cloudflare validation in each Exitpoint. Thereafter, DNS validation will be used and your WebProxy server does not need to be publicly accessible.
 
Last edited:
You must log in or register to reply here.
Top