Closed njwedwards closed 7 years ago
Probably the camera you've connected isn't working properly (check the logs).
Seems to be working fine. I have checked logs/log.stash and can't see any errors, where else can I look?
The captures are working fine, but I can't get the live stream.
Thanks!
Ok I have nearly got it. The only thing stopping this now is the fact that the url is https and not http which would all it to work. How can this be changed. Also can I specify the url itself?
the url of the stream? can you show a screenshot of the request made?
Yes that is correct http://user:pass@192.168.4.20:8899 works fine locally. However when using the web gui i am using https://domain.name and when the web gui runs it tries to access https://domain.name:8899 which does not work. I need it to be http not https
did you enable https, in the .env file?
I just did that now. It has not made any difference.
APP_URL=http://localhost (changed to https also) SECURE_SSL=true
Again the web app works fine apart from the stream which is on http.
did you expose port 8889 as well?
Port 8899 is exposed on my router. However it does not seem to work correctly. I am getting quite a few of these in the logs:
Aug 7 21:48:58 pi kerberosio[517]: 07/08/2017 21:48:35.538 ERROR [trivial] Stream: no token found in client request. Aug 7 21:48:58 pi kerberosio[517]: 07/08/2017 21:48:35.539 INFO [trivial] Stream: authentication failed.
Everytime I try to go to http://domain.name:8899 it then changes me over to https
hmm, that's something to your webserver related.
I don't think this is related to nginx as the listening service is kerberosio:
root@pi:~# netstat -antlp | grep 8899 tcp 0 0 0.0.0.0:8899 0.0.0.0:* LISTEN 517/kerberosio
Ok the issue with it going from http to https by default was caused by the Chrome browser using HSTS for the domain. https://www.chromium.org/hsts .
The main issue remains. My install is using https. Kerberos web is asking for the stream from https://domain.name:8899. The kerberosio process listening on this port then says that it cannot support an https stream.
"This site can’t provide a secure connection"
hey @njwedwards, hmm ok. I have no time to dig in but I think you can add a simple hack by doing this (assuming http:// does work for the live stream).
Change this line to "http" https://github.com/kerberos-io/web/blob/master/app/Http/Controllers/SettingsController.php#L288
However we need to find out why it doesn't serves on https://
It works now! Thanks very much!
Also for reference and not related to kerberos web, I had to disable HSTS in nginx as it kept still kept trying to push me to https.
add_header Strict-Transport-Security "max-age=0;";
Ok, well I think it's still strange that the https call isn't redirected properly to the machinery. We'll need to find out how we can configure it through nginx, I guess we need to define a reverse proxy.
The https call is not redirected because the call from the api:
https://domain.name/api/v1/stream
Is to:
{"url":"https:\/\/domain.name:8899","port":"8899"}
Using an nginx reverse proxy may be the best idea here to ensure that browsers do not throw up warnings that not all content is https.
Correct, I think you should fetch the port 8889 in the nginx config, and proxy pass it to the same domain but with http (https://serverfault.com/questions/145383/proxy-https-requests-to-a-http-backend-with-nginx).
We did something similar in the docker configuration. Check this out: https://github.com/kerberos-io/web/blob/master/docker/web.conf#L23-L27
ok, I think I get that, but how do I get the web app to call https://domain.name/stream ? I have not seen how to add a url path, only how to change the port?
This is just an example, if you want to use a reverse proxy you will need to setup an additional nginx service, which you'll need to place between your domain name and local nginx config (kind of man in the middle attack). The reverse proxy will fetch the requests and pass them through to your local nginx server. By this you can easily intercept requests on port 8889 and forward them to whichever url your prefer.
The weird things is that when you're browsing https:// it doesn't reaches the live stream on port 8889 at all.
Even after running on the Pi for a few hours. What is this and how do i debug?
Thanks!
Nick