It looks like push notification links back to the event thumbnail via URL that looks like this:
http://<BI-server-IP-address>/thumbs/@<thumb-id>?session=<session-id>
<BI-server-IP-address> is always resolved IP address of your externally visible BI server (like 101.202.101.202). If BI server is behind firewall, that will be your externally visible IP address of your firewall (firewall then needs to know how to internally forward request to your BI server - via NAT or otherwise)
<thumb-id> is some long decimal number, determined by BI
<session-id> is some long hexadecimal number, determined by BI
If you are exposing service via HTTPS protocol instead, you need to check "Stunnel is installed for HTTPS on port" option, and http in above example is going to be replaced with https. Even if you are not using Stunnel, but some other means of protecting server via SSL, like reverse proxy (nginx), you have to check that option. Bottom line is, something that looks like
or
has to resolve back to your BI server, so it can return the thumbnail to the caller.
In my case I'm using nginx as reverse proxy. Requests that come from the outside are analyzed by nginx and it determines where (to which of my multiple servers) it needs to proxy that request. Each of my servers has unique registered name, but they all point to the same externally visible address of my firewall. For example
bi.mydomain.org 101.202.101.202
automation.mydomain.org 101.202.101.202
syslog.mydomain.org 101.202.101.202
etc.
When request to bi.mydomain.org comes in, nginx knows that it need to proxy that to my server with internal IP address of 10.1.1.10.
So, what happens when request comes in as
? Well, nginx does not know what server is request for, and responds with one of the standard HTTP codes like 404 Not Found, or 401 Not Authorized, etc. (depending on configuration). That's when you get big white block instead of the thumbnail.
I had to adjust my nginx configuration to analyze URL location (
/thumbs/@391132345) and URL arguments (
session=2c6b3959680f76012cd21e8550c13db7). When they conform to the above patterns, it knows that's request for BI thumbnail and proxies request to the Bi server. Now I get thumbnail with every push notification.
This is location block in my nginx default.conf that worked for me (server name and IP address are made up):
#
Blue Iris push notification thumbnails
location ~ ^/thumbs/@[0-9]* {
proxy_set_header Host bi.mydomain.org;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
add_header Front-End-Https on;
proxy_read_timeout 90;
if ($args ~ "^session=[0-9a-fA-F]*$") {
break;
}
}
I'm sure nginx experts can improve on it.