Custom external IP or domain name

Custom external IP or domain name

Custom external IP or domain name
Custom external IP or domain name
2024-09-27 17:43:45
Model: VIGI VMS  
Hardware Version:
Firmware Version:

Hello,

 

(a ton of nerdy speak following)

I've been using VIGI VMS for a while now, overall pleasant experience.

 

But I stumbled upon a critical problem. Here's my setup:

  • VIGI VMS running on a Windows Server machine behind NAT;
  • The machine has an intranet (private) IP 192.168.0.70;
  • All ports used by VIGI VMS (according to this article) are forwarded to this machine;
  • My dynamic public IP address is associated with a domain name provided by a DDNS service;
  • I am logging in via VIGI mobile app from external network (LTE) using this domain name.

 

While authentication and other REST API requests (like getting list of sites / devices) are working fine, I noticed that video stream from my camera isn't working, as well as the 'Talk' function (I own VIGI C230I Mini).

At first, I suspected that SSL might be the cause, so I spent several days trying to create a self-signed certificate and import it inside VMS web UI, but that led me to same result. Then I decided to explore some REST API requests using dev tools 'Network' tab in a web browser.

And to my disappointment, I found out that POST /api/v1/vms/<vms_id>/sites/<site_id>/relay/requestStream returns my machine's intranet address 192.168.0.70 as a value for the field result.relayUrl, disregarding that I'm accessing VIGI VMS web UI via DDNS-provided domain from an external network.

 

From my experience, for solving this kind of issues it is usually expected to have a way of specifying an external IP or a domain which will be used for accessing the service from outside, so I'd suggest implementing that.

 

Still, I might be doing/understanding something wrong, so feel free to correct me.

 

 

  0      
  0      
#1
Options
1 Reply
Re:Custom external IP or domain name
2024-09-27 18:23:03 - last edited 2024-09-30 09:17:53

But as a temporary solution:

 

To make media server serve video streams for clients who are outside of network which the server is in, it is sufficient to override a response of an endpoint I mentioned earler (POST /api/v1/vms/<vms_id>/sites/<site_id>/relay/requestStream), so it contains your external IP or a domain name instead of an intranet IP.

To achieve this, I ran an NGINX reverse proxy that proxies all traffic to the VMS Web Server (with default port changed to 18081), except the path of this one endpoint, which it redirects to my own small HTTP server written in Python (with Flask):

import requests
from flask import Flask, request

 

app = Flask(__name__)


@app.post("/api/v1/vms/<path:vms_id>/sites/<path:site_id>/relay/requestStream")
def request_stream(vms_id, site_id):
    requests.post(
        f"https://127.0.0.1:<VMS_WEB_SERVER_PORT>{request.path}", # TODO
        verify=False,
        headers=request.headers,
        json=request.get_json(),
    )
    return {
        "errorCode": 0,
        "message": "success.",
        "result": {
            "relayUrl": "<YOUR_EXTERNAL_IP_OR_DOMAIN>", # TODO
            "relayPort": 10556,
            "relaysPort": 10556,
        },
    }

 

Also here's my nginx.conf

server {
    listen       8081 ssl;

    ssl_certificate      <YOUR_SSL_CERTIFICATE>.cer; # TODO
    ssl_certificate_key  <YOUR_SSL_CERT_PRIVATE_KEY>.pem; # TODO

    location / {
        location ~ (.*)/relay/requestStream$ {
            proxy_pass   http://127.0.0.1:<FLASK_SERVER_PORT>; # TODO
        }
        proxy_pass   https://127.0.0.1:<VMS_WEB_SERVER_PORT>; # TODO
    }

}

 

Notice that you'll have to generate a self-signed SSL certificate for Nginx.

 

TP-Link hire me

  0  
  0  
#2
Options