Possible to secure the BI web server?

[HelloAgain]

By chance, is it possible to secure the BI web server? I'm using STunnel encapsulate its web traffic via HTTPS and have it setup well enough to get an A+ rating via Qualys SSLLabs, however I want to do more.

I'd like to do a few more things such as adding some security headers, removing where the server notifies the world as to the server and version I'm running (IE: BlueServer/4.8.5.0), etc.

 

[bp2008]

nginx can be a powerful reverse-proxy server and should be able to remove headers and add an additional layer of http authentication if you want.

The most secure way to go is to use your router's VPN server (if available) and not forward a port to Blue Iris at all. Then you could even turn off authentication for BI if you wanted.

 

[tangent]

didn't @nayr run an nginx reverse proxy with certificate authentication?

 

[HelloAgain]

So, I disabled STunnel and setup nginx. Overall, it was pretty easy to setup, however I can't figure out one thing. Has anyone been able to get TLSv1.3 to work with the Windows version of nginx?

It's looking like the openssl version embedded within nginx is out of date and I can't figure out how to update it. This isn't critical; it's more me just trying to be thorough.

 

[Martin Paul Sr]

Would you be able to use the mobile app if the server is in a VPN?

 

[tangent]

Would you be able to use the mobile app if the server is in a VPN?

You have to connect to the VPN first, then yes.

 

[Martin Paul Sr]

Which I guess means installing a VPN client for Android or IOS that's made to play with whatever VPN you're using one the server?

 

[tangent]

Which I guess means installing a VPN client for Android or IOS that's made to play with whatever VPN you're using one the server?

That depends on the VPN server, iOS and Android both have built in VPN clients.

 

[Martin Paul Sr]

How about that, learn something new every day. Thank you.