Blue Iris Remote Access

Blue Iris offers remote access capability via its integrated web server. The web server speaks the HTTP protocol and listens on a TCP port of your choosing.

Normally, routers and firewalls prevent Blue Iris's web server from being accessed from outside of your local area network (LAN). To access Blue Iris remotely over the internet, you need to set up a way to connect to port 81 from anywhere. This guide discusses many ways to do that.

Make sure Windows Firewall does not block inbound traffic to the Blue Iris web server. You can do this by opening the Windows Firewall settings and adding an inbound rule to allow TCP traffic on port {{biWebPort}}.

One easy way to find Windows Firewall settings is to open the start menu and type WF.msc. Otherwise, you can find it in Control Panel > Windows Defender Firewall.

Most people use IPv4 for remote access. To ensure that your Blue Iris computer always has the same IPv4 address, you should configure a DHCP reservation in your router or assign the Blue Iris computer a static IPv4 address. If you assign a static address, make sure it is outside the range of addresses used by your router's DHCP server, but still within the subnet of your LAN network.

Set up a VPN server on your network. You will be able to connect to your VPN server via your public IP address {{bestPublicIp}} from anywhere in the world, and then access Blue Iris via {{biLanUrl}} exactly as if you were at home connected to an ethernet port or WiFi.

First, see if your router has VPN server capability built-in. Asus routers are well-known for having excellent VPN server configuration interfaces. Wireguard is an excellent, fast, and easy VPN. OpenVPN is also popular.

Alternatively, you can follow a tutorial to install a VPN server on your Blue Iris machine or on a Raspberry PI or another similar low-power computer on your local network. Find a tutorial and follow it. This will involve forwarding at least one TCP or UDP port through your router to your VPN server.

Zerotier is a software-defined network that allows you to create encrypted virtual networks between devices over the internet without needing to run a server. Zerotier offers similar security to a VPN.

Set up a free Zerotier account, create a network, and join your Blue Iris machine to the network. Then, join other devices to the same network. All devices on the same Zerotier network will be able to communicate with each other securely using the IPv4 addresses listed for each device in your Zerotier network administration console online.

One of the easier, but less secure methods of remote access is to forward port {{biWebPort}} directly to Blue Iris.

Once this is done, you can access Blue Iris via {{publicIPv4Url}} assuming you used port {{biWebPort}} as the external port in your port forwarding rule. Most routers let you use a different external port if you like.

Using a random high-numbered port between 50000 and 65535 can reduce the amount of nuisance traffic your Blue Iris server receives from bots on the internet.

If your ISP does not provide a publicly routable IPv4 address, you can probably use IPv6. Most major internet providers support IPv6, but you may need to turn IPv6 on in your router.

With IPv6, all addresses are publicly routable, so you just need to create a firewall rule in your router to allow the traffic. This serves the same function as "forwarding a port" with IPv4. Just like with IPv4, you should configure a static IPv6 address on your Blue Iris server, then make sure the firewall in your router is configured to allow inbound TCP traffic to the IPv6 address of your Blue Iris web server on the port number that is configured in Blue Iris's web server settings ({{biWebPort}}).

If the "Customize" section above is filled out correctly, then Blue Iris will be accessible at {{publicIPv6Url}}

If you own a domain and use Cloudflare's DNS servers, you will be able to set up a free Cloudflare tunnel which can make your Blue Iris web server accessible via the internet. Once configured, a Cloudflare Tunnel offers the same ease of access as forwarding a port and using dynamic DNS, except you don't actually do either of those things. The Cloudflare tunnel will also provide you with a secure HTTPS connection with a trusted TLS certificate so your Blue Iris web server traffic is encrypted and safe from eavesdropping.

NGROK is a service that can allow you to connect to your Blue Iris web server via a tunnel through NGROK's cloud servers. Blue Iris offers easy integration with NGROK since version 5.9.4.0 released June 20, 2024.

Once configured, NGROK offers the same ease of access as forwarding a port and using dynamic DNS, except you don't actually do either of those things. NGROK will also provide you with a secure HTTPS connection with a trusted TLS certificate so your Blue Iris web server traffic is encrypted and safe from eavesdropping. An NGROK tunnel can be configured with additional authentication requirements, helping secure your Blue Iris server and protect it from hackers that might otherwise try to exploit a vulnerability in the Blue Iris web server.

NGROK has a free tier, but with a data usage limit of just 1 GB per month as of July 2024. Paid tiers begin at $8 per month for a 5 GB per month data limit, which in my opinion is borderline robbery. A domain registered via Cloudflare would be more like $8 per year and a Cloudflare Tunnel would provide unlimited bandwidth at no additional cost.

If you access Blue Iris by entering an IP address, it can be helpful to register a dynamic DNS hostname instead, especially if your public IP address changes sometimes. Ipcamtalk offers Dynamic DNS service for free, and there are plenty of other providers to choose from.