Do I have to host it or just own it?
How to run a reverse proxy VM on your BI...
Re: How to run a reverse proxy VM on your BI...
And where does all this go. Do I access a config file or type it into the terminal?HeneryH wrote: ↑Tue Jan 21, 2020 4:46 pm Nginx works by matching patterns in the URL to figure out the desired destination. If you don't have multiple web servers or domain names then you can just put the configs below in the default config.
FYI on Nginx Install Warns - You may see these warnings and can edit the main config file.I have multiple domain names I like to route separatelyCode: Select all
[warn] 21183#0: could not build optimal types_hash, you should increase either types_hash_max_size: 2048 or types_hash_bucket_size: 64; ignoring types_hash_bucket_size cd /etc/nginx vi nginx.conf # add an include for the sites-enabled directory (if you are using them), fix the warns # server_names_hash_bucket_size 64;
Put this relevant line in either you default or specific config.Code: Select all
mkdir /etc/nginxsites-enabled vi /etc/nginxsites-enabled/domain1.com.conf vi /etc/nginxsites-enabled/domain2.com.conf ## you most likely don't need this #htpasswd -c /etc/nginx/.htpasswd jjflynn22 # the -c only for first time # this is for passwords in Nginx nginx -s reload # after changes force a reload of configs
Code: Select all
location / { proxy_pass http://192.168.1.10:81; # <--- where this is your BI instance }
Re: How to run a reverse proxy VM on your BI...
There are two configs: one for the app and any number of site specific one.
The file "/etc/nginx/nginx/conf" has the correction to get rid of the warning and also links to any separate website specific confs.
The file "/etc/nginx/nginx/conf" has the correction to get rid of the warning and also links to any separate website specific confs.
Code: Select all
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4048; ###### <----- this corrects the warning
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server { ###### <----- this is the default server if there are no other blocks that match
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / { ###### <----- You can put the proxy command here if you would like and don't have any other web configs
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
include /etc/nginx/sites-enabled/*.conf; ###### <----- Many people serve multiple virtual web servers
}
Re: How to run a reverse proxy VM on your BI...
Anyone can hit this server by just IP address. No problem using the default nginx server block.
If you have a domain name that resolved to your home IP address, you can set up free certificates. Now that I think about it, you really don't even need full access to the DNS records. As long as it resolves to your home IP you can set the certificates. This would be the next step after getting your reverse proxy to work.
Re: How to run a reverse proxy VM on your BI...
OK, I just wanna get this straight in my head... You’re running a Linux (Fedora) VM, setup with VirtualBox, and a little help from XTerm. This is all on the Windows BI machine so you can run a Nginx Reverse Proxy server. Which should be more secure than Port Forwarding for UI3.
Is that about right? Sounds awesome.
I just got a new miniPC that has Win10Pro installed on it. I got BI4 running on it with a brand new license just last night. I know I can run VMs with 10Pro so I was thinking I’d go that route, but I’ve also been thinking about Linux. I also have an ISO of Server2016 I thought I might try. Anyway, do you think it’s significantly more secure to go with the Linux VM? Or, is it also easier to setup & maintain? I was planning a FreeNas Vm in the future also.
Is that about right? Sounds awesome.
I just got a new miniPC that has Win10Pro installed on it. I got BI4 running on it with a brand new license just last night. I know I can run VMs with 10Pro so I was thinking I’d go that route, but I’ve also been thinking about Linux. I also have an ISO of Server2016 I thought I might try. Anyway, do you think it’s significantly more secure to go with the Linux VM? Or, is it also easier to setup & maintain? I was planning a FreeNas Vm in the future also.
Last edited by chuckt on Fri Jan 24, 2020 5:54 pm, edited 1 time in total.
Re: How to run a reverse proxy VM on your BI...
It seems like I would need a static IP from my ISP to keep the SSL certs working, or can DDNS take care of that?
- Thixotropic
- Posts: 747
- Joined: Wed Sep 04, 2019 7:20 pm
- Location: Low-Earth Orbit
Re: How to run a reverse proxy VM on your BI...
I posted a short bash script here that I use (on my Linux Mint box) for uploading the current WAN IP whenever my PC reboots. It puts the IP in a text file and uploads it to one of my servers, so if I'm somewhere else and it changes (like from a power outage) all I need to do is go to the site and view the text file.
I use the webserver built into BI and it seems to work as it should.
Blue Iris 5.x x64 | Windows 10 Pro x64 | 16GB RAM | i7-7700 3.6 GHz | 1TB HDD | 2TB RAID NAS | 9 Cameras | Almost Dual NIC | 2KVA UPS
Re: How to run a reverse proxy VM on your BI...
Yes, either static or DDNS. I use a service on my main PC box to update my DDSN service. There are many options and it can be updated by any machine on your home network. I actually ended up paying a small fee for some extra benefits I found useful.
Re: How to run a reverse proxy VM on your BI...
Will this work behind a cgnat?
Re: How to run a reverse proxy VM on your BI...
HeneryH, am I correct in assuming the solution you've outlined in this thread will allow me to host a WordPress website on a VM on a Windows Server also running Blue Iris...and make it look like the Blue Iris camera feeds are in a subdirectory of the WordPress website?HeneryH wrote: ↑Sat Jan 18, 2020 9:06 pm
- The reverse proxy can accept incoming connections and route those connections to BI or whatever other servers you may have running. I have a BI instance running in my home but also several other servers. The single reverse proxy knows what the incoming connection looks like and routes appropriately.
Second, is it possible to set an htaccess or NGINX rule that will, in effect, intercept connection attempts to anything within the subdirectory used to view Blue Iris camera feeds?
I have an htaccess rule that says, "If trying to access anything within a certain directory, in this case /wp-content/uploads/, instead load a PHP file, which checks to see if the traffic or connection meets certain conditions, in this case is logged into the site as a user in the WordPress database. But would this actually work with a Blue Iris camera feed that originates from the same place, accomplished presumably through a reverse proxy, when it is not technically a file?