Closed kars85 closed 1 year ago
Hi. Sorry I did not answer this sooner. Somehow I missed it.
Your log indicates that requests for script/style/etc files such as /ui3/ui3.js
were being redirected to the login page (hence the error complaining about an unexpected <
symbol at the start of what was supposed to be a JavaScript file). This redirect is what Blue Iris does when it can't identify a valid session for a request and you have "Use secure sessions keys and login page" enabled. I wish Blue Iris would refuse requests for such files by delivering an HTTP 403 response, because that would yield a much more appropriate error message. Or better yet just deliver them because they don't contain any sensitive information (unless the user modified the file and added sensitive information. lol). But I don't control Blue Iris's web server at all so this is the way it is.
Anyway, usually the session string is sent in an HTTP cookie called "session", so this situation occurs when something is interfering with the normal operation of HTTP cookies. I don't see anything wrong in your nginx configuration to cause this. One possibility is that you have/had some other web site being hosted on the same domain, and open in another browser tab, and this other web site was deleting or overwriting the session cookie.
Late January brought a BI update that provides the HTTP 403 responses I was wanting. UI3-231 now can detect this failure condition and provide a cleaner error message and an automatic redirect to the login page. It won't solve the underlying issue but it will certainly make it more clear what is going wrong.
I've attached a clean access.log when attempting to access my BI subdomain externally.
Here is my nginix subdomain.conf for BI that's been working fine for years, up until the past few weeks (I'm actually not sure when it quit working as I normally use the BI iOS app).
If something needs to be changed with my config, without diving into a bunch of reading on the different nginx reverse proxy properties, the emphasis was that external access attempts don't get the IP stripped. That way, LAN access requires no authentication.