Networking /Android app / making push notifications work

[veert]

Hello everyone.

Let's say, I'm running a paranoid setup which only allows for web access to my Blue Iris installation. In other words, I can use the web interface, but that's it - the machine is not accessible from the outside otherwise, nor do I want it to be, VPN or no VPN.

Now, I'm thinking of buying the Android app, and the question becomes - is the above setup sufficient for the app to work right out of the box, or I'll have to relax the restrictions? In other words, does the app access a Blue Iris installation in exactly the same way a browser does (go), or it absolutely needs to be able to know the Blue Iris machine's IP address etc (no go)?

Thanks.

 

[fenderman]

Hello everyone.

Let's say, I'm running a paranoid setup which only allows for web access to my Blue Iris installation. In other words, I can use the web interface, but that's it - the machine is not accessible from the outside otherwise, nor do I want it to be, VPN or no VPN.

Now, I'm thinking of buying the Android app, and the question becomes - is the above setup sufficient for the app to work right out of the box, or I'll have to relax the restrictions? In other words, does the app access a Blue Iris installation in exactly the same way a browser does (go), or it absolutely needs to be able to know the Blue Iris machine's IP address etc (no go)?

Thanks.

The browser needs to know the blue iris machine ip as well how else would you access the video stored on the machine?

 

[veert]

In a way. Because the browser may only be given the Blue Iris installation's IP / port number - there is a slight difference, which is central to my question.

 

[fenderman]

In a way. Because the browser may only be given the Blue Iris installation's IP / port number - there is a slight difference, which is central to my question.

you are confused there is no difference

 

[veert]

There is, in the sense that there's not much you can do with that specific PC even if I give you the web interface address. You can access Blue Iris given the login details, but that's it.
My question is - is that enough for the app to work, or it needs exactly what you are talking about - general access to the PC.

 

[fenderman]

There is, in the sense that there's not much you can do with that specific PC even if I give you the web interface address. You can access Blue Iris given the login details, but that's it.
My question is - is that enough for the app to work, or it needs exactly what you are talking about - general access to the PC.

Once again you are confused. I as I explained earlier, the app and the browser work the same way. You need to input both the ip address and the port. The web interface ip address IS THE IP ADDRESS of the blue iris machine. You are further incorrect in assuming that "there is not much you can do" with access to the webserver. An exploit in the webserver can provide access to the entire pc.

 

[Martin Paul Sr]

I don't know if this makes it more secure, but the only outside access to my network is port 443, which my router forwards to my PC port 443, which is an encrypted server proxy (Stunnel).
Stunnel then forwards the connection to the Blue Iris server port on the same PC.
Details on how to do that with a real https domain can be found in part 1 of a post about how I got the Android app to work on Chromecast, (Chromecast working...!)
If you set this up, your just need to use https and your domain name to reach the server with UI3 web interface and the Android app.
You could do it without a domain name or signed certificate and still reach your server with TLS (OpenSSL) encryption, the only difference is your web browser will warn you, and you won't be able to use Chromecast from the Android app.

 

[veert]

I
If you set this up, your just need to use https and your domain name to reach the server with UI3 web interface and the Android app.
You could do it without a domain name or signed certificate and still reach your server with TLS (OpenSSL) encryption, the only difference is your web browser will warn you, and you won't be able to use Chromecast from the Android app.

So, the app does use the same access route as the browser, at least with port 443 open. Thanks.

 

[veert]

as I explained earlier, the app and the browser work the same way. You need to input both the ip address and the port.

The question is whether it's exactly the same port. Which port? Can it be changed? Without that distinction, " the same way" is way too broad.

 

[fenderman]

The question is whether it's exactly the same port. Which port? Can it be changed? Without that distinction, " the same way" is way too broad.

Really too broad? Same! How much more narrow can it get?
Can it be changed? It is as if you have not bothered to look at the webserver tab

 

[Martin Paul Sr]

So, the app does use the same access route as the browser, at least with port 443 open. Thanks.

Yes, that's correct. The app and the browser connect to your Blue Iris server through the same address and port.
You do need to have some port open if your want to use either the app or the browser from outside your LAN.

 

[veert]

Yes, that's correct. The app and the browser connect to your Blue Iris server through the same address and port.

Awesome, just what I needed to know. That means, I won't have to mess around with my setup anymore.

You do need to have some port open if your want to use either the app or the browser from outside your LAN.

Sure, and I do have one open.

 

[fenderman]

Awesome, just what I needed to know. That means, I won't have to mess around with my setup anymore.


Sure, and I do have one open.

went from a "paranoid" setup where vpn is not secure enough to an open port
rereading your post again, I can see that you are more clueless than initially assumed. You are under the false impression that opening a single port to the webserver is more secure than vpn. You could not be more wrong.