Closed ssbarnea closed 5 years ago
I can confirm it works behind a reverse proxy, e.g. traefik.
This is the config I use in my docker-compose.yml
for the unifi-video container:
labels:
- traefik.enable=true
- traefik.frontend.rule=Host:unifi-video.mydomain.ch
- traefik.port=7080
- traefik.protocol=http
@x-jokay I guess that is working because you build a contriner with it. I already have my haproxy runnning on the router and I configured it to point to the controller. The issue is that the controller has no idea about its own hostname and it redirects to the IP address.
I guess that what I need is a param to give it that tells is about his hostname.
In my case I am not even using a Dockerfile, I just start it with:
docker create \
--name=nvr \
-v /opt/data/nvr/config:/var/lib/unifi-video \
-v /mnt/media/nvr:/var/lib/unifi-video/videos \
-e PUID=99 \
-e PGID=100 \
-e DEBUG=1 \
--cap-add SYS_ADMIN \
--cap-add DAC_READ_SEARCH \
-p 10001:10002 \
-p 1935:1935 \
-p 6666:6666 \
-p 7080:7080 \
-p 7442:7442 \
-p 7443:7443 \
-p 7444:7444 \
-p 7445:7445 \
-p 7446:7446 \
-p 7447:7447 \
--restart unless-stopped \
pducharme/unifi-video-controller:latest
The readme does not specify anything regarding setting the hostname, that was what I was looking for.
You can set the hostname
of the container by using -h
param, see docker run but I don't think this will solve your problem.
If you point your reverse proxy to {docker-host-ip}:7080
it should work.
I added --hostname nvr.example.com
and worked like a charm. We should add this to the docs as is high likely that others will look for it.
Nice to hear it's working :)
I can confirm it works behind a reverse proxy, e.g. traefik.
Does Live View work for you? I only get a fallback to still images behind Traefik even with the hostname set ("Unable to load
Yes, there seems to be a problem using live view
(behind traefik).
I use the UniFi Video app
and the RTSP stream
but not the live view
from the unifi-controller :wink:
I have it behind a nginx proxy, works fine, but I had to add a custom vhost for live view to work...
server {
server_name [myhostname];
listen 7446 ssl ;
... SSL CONFIG
location / {
proxy_pass https://unifinvr_unifi-nvr_1:7446;
proxy_set_header Host [myhostname];
proxy_ssl_verify off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
proxy_connect_timeout 300;
}
}
I can confirm that that I live view does not work, even if I did port-forwarding betweent the IP of the haproxy load-ballancer and the unifi-video container. We still need more investigation....
Can confirm, too. NVR delivers only locally detected IP addresses for the Live View wss:// connection. Probably a Unifi-thing. With the App it's working flawlessly. We're running it behind Traefik.
If anyone wants to create a reverse proxy wiki article and add the details they know/understand to it, that'd be great! :)
@derfabianpeter Could you post your Traefik config and labels definitions ?
This is the simplified version of the docker-compose.yml
which I used:
version: '3.8'
services:
unifi-video:
image: pducharme/unifi-video-controller:latest
volumes:
- ./data/data:/var/lib/unifi-video
- ./data/videos:/videos
ports:
- 6666:6666/tcp
- 7442:7442/tcp
- 7446:7446/tcp
- 7555:7555/tcp
environment:
- PUID=99
- PGID=100
- DEBUG=0
networks:
- default
- proxy
cap_add:
- SYS_ADMIN
- DAC_READ_SEARCH
labels:
- traefik.enable=true
- traefik.http.routers.unifi-video.entrypoints=https
- traefik.http.routers.unifi-video.tls=true
- traefik.http.routers.unifi-video.rule=Host(`unifi-video.mydomain.com`)
- traefik.http.services.unifi-video.loadbalancer.server.port=7080
proxy:
image: traefik:2.2
volumes:
- /var/run/docker.sock:/var/run/docker.sock
ports:
- 80:80
- 443:443
environment:
- TRAEFIK_ENTRYPOINTS_HTTP=true
- TRAEFIK_ENTRYPOINTS_HTTP_ADDRESS=:80
- TRAEFIK_ENTRYPOINTS_HTTPS=true
- TRAEFIK_ENTRYPOINTS_HTTPS_ADDRESS=:443
- TRAEFIK_PROVIDERS_DOCKER=true
- TRAEFIK_PROVIDERS_DOCKER_WATCH=true
- TRAEFIK_PROVIDERS_DOCKER_NETWORK=proxy
- TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT=false
networks:
- default
- proxy
networks:
default:
proxy:
external: true
@x-jokay Thank you. But how did you manage to solve UniFi's web socket being sent to port 7446 ? It throws some errors because the certificates won't match (443 is managed by Traefik, valid one, 7446 is managed by UniFi, invalid one)
This may be possible now with TCP routers.
I switched the cameras to standalone and use now rtsp-simple-server in combination with VLC (or any compatible RTSP viewer).
It seems that the web interface would redirect me automatically to its IP:PORT when I am using it behind a http reverse proxy (haproxy).
The web interface should not forcerfly redirect users to its IP as this would either expose its IP or break the SSL layer.
Using a reverse proxy is also a way to expose it to the internet in a secured way. Apparently this is no possible atm due to this automatic redirection.