OpenALPR Webhook Processor for IP Cameras

biggen

Known around here
Joined
May 6, 2018
Messages
2,539
Reaction score
2,765
Yes you have to port forward the webhook coming from the OpenALPR server to his service to actually make it work.

We preach not to port forward to cameras because they have poor security track records. Now of course @mlapaglia service may have an unknown risk somewhere but that is why we have been heavily testing it. It also runs inside a docker container which is going to be much more secure than running a program straight on bare metal.
 

wittaj

IPCT Contributor
Joined
Apr 28, 2019
Messages
24,429
Reaction score
47,550
Location
USA
Is this port forward on the router or the ports in the firewall inbound/outbound or are they ultimately one in the same? I know just enough to be dangerous.

I guess I will try getting Docker to work - I tried it many months ago and kept coming up with an error that I do not recall at the moment what it was, but I googled it and found all these ways to potentially get it going and none of them worked.
 

biggen

Known around here
Joined
May 6, 2018
Messages
2,539
Reaction score
2,765
Your router will have a port forwarding section. It’s there you will forward port 3859 to the machine hosting the container/service.

I think he has a version that runs on Windows without Docker. Anything you run on Windows (including Docker) you will probably have to make an exception for that port in the Windows firewall for ingress as well or Windows will block the incoming webhook.
 

wittaj

IPCT Contributor
Joined
Apr 28, 2019
Messages
24,429
Reaction score
47,550
Location
USA
Yes he does have a Windows version, but if Docker provides a more secure solution, I will look again into that.
 

mlapaglia

Getting comfortable
Joined
Apr 6, 2016
Messages
849
Reaction score
506
attempt at proxying the image requests through the service to the agent is in v3.2.1-alpha1
 

biggen

Known around here
Joined
May 6, 2018
Messages
2,539
Reaction score
2,765
attempt at proxying the image requests through the service to the agent is in v3.2.1-alpha1
Yup! I turned off allow "Insecure Content" in Chrome and I can still see all the images when browsing the service over my reverse proxy with HTTPS. Well done. That was a fast fix!

Edit: I still have to hit refresh to see plate pictures as they come in while the page is open. I see the new records being pushed (auto updated) to the page, but if I click on the plate entry I get the missing picture thumbnails until I refresh and then they load fine.
Edit2 - What I've noticed is that if I wait long enough, those new entries that get autoupdated to your service will eventually have the car/plate pictures. Its just if you try to click on a newly pushed plate entry, then you have to hit the refresh button. But if you wait long enough, you don't have to manually refresh. Must be a timing thing.
 
Last edited:

biggen

Known around here
Joined
May 6, 2018
Messages
2,539
Reaction score
2,765
I know I've asked before but did you consider putting some type of failed login timeout feature in? Like after 3 failed attempts block all logins for 60 seconds or something similar?? Since the login page is forward facing, it would be pretty easy to script something that did an automatic dictionary based attack on that page to attempt to gain login credentials. I'd guess it could even cause CPU memory issues for the VM running the container if the attacks happened quick enough.

Also, whats the reason the service publishes port 443/tcp? I see it listed in docker ps as well as 3859 -> 80. I get why 3859 forwards to the internal port 80 on the container, but what is 443 used for?
 
Last edited:

IReallyLikePizza2

Known around here
Joined
May 14, 2019
Messages
1,852
Reaction score
4,441
Location
Houston
I'm not running on the $5 plan, so we will see if I have any issues

Is there a way to have it save my setting of 100 cars per page? I'd also love it if I could auto expand all results to see images
 

IReallyLikePizza2

Known around here
Joined
May 14, 2019
Messages
1,852
Reaction score
4,441
Location
Houston
Later on I am going to be moving my container from my Debian based Docker host, to Docker running on Windows Server 2019 which is the box that runs OpenALPR

I should just be able to copy the files over right?
 

biggen

Known around here
Joined
May 6, 2018
Messages
2,539
Reaction score
2,765
Yup. Just copy all the .db files over. You can omit the user.db if you want since it’s easy to create a new user anyway.
 

mlapaglia

Getting comfortable
Joined
Apr 6, 2016
Messages
849
Reaction score
506
added some convenience , pressing enter when searching for a plate will auto search, expanding a plate and clicking "search for plate" will automatically put it into the filter and do a search.

output.gif
 

biggen

Known around here
Joined
May 6, 2018
Messages
2,539
Reaction score
2,765
Hmm... I pulled latest but didn't see those changes. I guess I need to clear out the container and make sure I pulled the right version.
 

mlapaglia

Getting comfortable
Joined
Apr 6, 2016
Messages
849
Reaction score
506
i had to force refresh my browser for some reason once i updated.
 

biggen

Known around here
Joined
May 6, 2018
Messages
2,539
Reaction score
2,765
I was just coming back to say that!

This is an awesome feature by the way.
 

IReallyLikePizza2

Known around here
Joined
May 14, 2019
Messages
1,852
Reaction score
4,441
Location
Houston
For real, this is a game changer. In OpenALPR I see a suspicious car and I have to copy the plate and go do a search, what a pain
 

biggen

Known around here
Joined
May 6, 2018
Messages
2,539
Reaction score
2,765
This whole setup is a game changer. Kudos to you for doing this. Every release gets better and better. I can't wait check here and see your daily updates!
 
Last edited:
Top