+73
Researching

Blue Iris support

M.a.S.e 2 years ago in Media Tiles / Video Camera Feeds • updated by cschoepp3d 4 days ago 64 1 duplicate

Opening this thread to explore the option to officially support Blue Iris security Cameras software.

  • BI is the most used and popular security cameras software out there.
  • It has its own authentication and also support https.
  • Would be awesome to have official support for it and eliminate the need to redirect RTSP by using VLC or opening different ports and exposing each camera separately.
  • Having BI Support is something i personally would LOVE to see.


Windows Mac iOS Fire Android

Answers

+1
Answer

Working Solution for Blue Iris Integration into Action Tiles that features;


  1. Over standard HTTPS with User / Pass Authentication
  2. More than 6 cameras coming from same BI server
  3. Full MJPG


For the TLDR version, basically run Apache web server as a reverse proxy to the BI  server and have multiple sub domains reverse peroxided to BI, with each one supporting 6 concurrent connections in Chrome.     


Now in in depth how my setup works:


1) Blue Iris is configured as below:



2) Apache's httpd-ssl.conf file is configured as follows.  (Only relevant sections, not full httpd-ssl.conf file!)


Download httpd-ssl.conf File.



3) Urls used with Action Tiles:


First 6 Cams: https://cctv.mydomain.com/mjpg/ShortCamName/video.mjpg?user=BIUSER&pw=BIPASSWORD


Next 6 Cams: https://cctv2.mydomain.com/mjpg/ShortCamName/video.mjpg?user=BIUSER&pw=BIPASSWORD




And that is pretty much it; however it is worth noting:



  • I only have 9 cams, so only need two sub-domains. Additional sub domains can of course be created, with each one supporting 6 concurrent connections to the BI server.

           I suspect Chrome regards each sub-domain (what is then reverse peroxided to the BI server) as a 

           separate destination/resource/server.


  • I have a static WAN IP, however you may use a DDNS service if you don't have access to a static WAN IP.



  • My Router/Firewall has Port 80 and Port 443 opened to the local IP of my Apache web server. (Same physical server as BI)



Hope someone finds this useful!



PINNED

Sorry to get your hopes up... This is actually a step backwards. 

PINNED

YAY. Status changed to "researching" .... this got me excited ! cannot wait for BI native support!!!

+4
PINNED
Planned

The root cause of this issue in Chrome is the browser's limit of 6 concurrent requests to the same server.


We have come up with a workaround to clear up connections that get used up when a Video Tile is magnified. This fix is short listed for one of the next upcoming releases.

+1
PINNED

FYI: Limit of Number of Streams from same video server...

There's a confirmed bug with Chrome that only allows loading up to 6 video streams from the same server/IP. For a number of reasons, the limit of 6 gets used up even with fewer than 6 Tiles that display Blue Iris streams. We have a workaround in the pipeline to remedy this. For now, the only workaround is to use a different browser.

PINNED

I finally got this working for me with Blue Iris as I don't require a password on the local network and I use the BI app remotely.

Format I used was : http://BI_IP:BI_PORT/mjpg/Cam_Short_Name/video.mjpg

I had tried this over and over again and it wasn't until I put the Cam_Short_Name in did it work.

I still haven't figured out how to get this to connect directly to my Hikvision cameras but this will work for now.

Duplicates 1

+1

I got this working on WINDOWS and iOS. I entered the URL as below. When i launch ActionTiles for the first time, i get a pop up asking me for authentication and voila!!!!

Http://IP:PORT/mjpg/CAMERA NAME/video.mjpeg

+2

The problem with doing that is that you must disable "secure only" in the login prefrences to have access via internal IP. and i personally prefer not do to so. it works well if you use the public IP, but it could be an issue if you dont have a static public IP. non the less, thanks for the TIP bro. as this is a nice workaround :)

Would be great to have a dedicated panel that just showed the camera's using BI.

+2

as well as the LAN IP URL noted above, you can view streams using your WAN IP and embed your credentials into the URL:


http://USER:PASSWORD@WANIP:PORT/mjpg/CAMNAME

Don't think you can do so with "secure login" enabled.

Another issue is that in tablet (fully kiosk or chrome) you need to have a sub going to bi web portal. Otherwise after a few AT all show gray box for the cams. It's just not easy for prime time. Honestly the best thing would be to either natively support bi via api or introduce a native mini browser as a tile.

Where is the option to disable the "secure login"? Is that a BI setting?

This works if I direct enter it into the Fully browser, but does not work if I use the same url in a media actiontile....

Mike, when an image/media URL is entered directly in the address bar, the browser is in a different mode. Browsers behave differently when they are in Media Mode or HTML Mode.

+1
PINNED

FYI: Limit of Number of Streams from same video server...

There's a confirmed bug with Chrome that only allows loading up to 6 video streams from the same server/IP. For a number of reasons, the limit of 6 gets used up even with fewer than 6 Tiles that display Blue Iris streams. We have a workaround in the pipeline to remedy this. For now, the only workaround is to use a different browser.

Is there any update on this workaround? My streams keep freezing.

PINNED

I finally got this working for me with Blue Iris as I don't require a password on the local network and I use the BI app remotely.

Format I used was : http://BI_IP:BI_PORT/mjpg/Cam_Short_Name/video.mjpg

I had tried this over and over again and it wasn't until I put the Cam_Short_Name in did it work.

I still haven't figured out how to get this to connect directly to my Hikvision cameras but this will work for now.

I see different discussions about URL's and browsers being used for Blue Iris. Has anyone been able to display their streams in Fully Kiosk browser?

i was able to make it work with Fully, but its not ideal... if you are using "secure only" mode even for LAN connection, in order to make this work u need to have another tab open to log in so it will pass credentials to Fully (auth), since AT is not native with B. if u have 443 setup (stunnel) like i do, its even harder. Plus it kills my tablet (insignia flex 10.1"), and it become super slow...

its working, its just not prime time...

i really hope AT dev will put time on having this aspect working better. hopefully when the more important bugs fixed and they have time to look into this more throughly.

+4
PINNED
Planned

The root cause of this issue in Chrome is the browser's limit of 6 concurrent requests to the same server.


We have come up with a workaround to clear up connections that get used up when a Video Tile is magnified. This fix is short listed for one of the next upcoming releases.

I'm able to get my 4 streams from BI showing without an issue for a moment or two, then they go grey. I am not using any authentication as I am only allowing streaming on my local network. Also, is there currently a way to get the audio stream as well? Ideally when clicking on a stream to go full screen we would pull in the audio stream.

Hi Kevin,

I'm able to get my 4 streams from BI showing without an issue for a moment or two, then they go grey.

Could you please tell me how many actual seconds it takes before the video streams go grey?


is there currently a way to get the audio stream

No, MJPEG streams don't transmit audio.

Hey Alex, it is very sporadic. Sometimes only 2 or 3 of the 4 come up at all. Sometimes one goes grey after a few seconds. Sometimes they don't go grey until I try to maximize one, which honestly means it could have been frozen prior to that. The only consistency is that if I refresh the page they all come back up for a little bit. I'm happy to provide any type of debugging I can and I will try to watch it when I get some time to see if I can find any patterns or consistency and will report back. 

Good day, can someone please help me with the process to load the different channels on an Vivotek video server VS8801. When I load it, it default to channel1 every time.

PINNED

YAY. Status changed to "researching" .... this got me excited ! cannot wait for BI native support!!!

PINNED

Sorry to get your hopes up... This is actually a step backwards. 

ah :( :( :( 

this is a feature i was really hoping for...

 i do 443 via stunnel and so i cant expose my cameras to have a separate string for each camera :( 

thanks for clarifying...

Hi I try this on Chrome and Fully


http://USER:PASSWORD@WANIP:PORT/mjpg/CAMNAME


and 


http://BI_IP:BI_PORT/mjpg/Cam_Short_Name/video.mjpg


All time ask for user and password, how can I fix this?


...Terry.

+1

Tell me what devices you are using action tiles on with this problem.

+3

OK guys I finally got my Ipad Pro 12.9 working with action tiles in full screen with BlueIris. Looks great but there are a few bugs that still need to be worked out. Terry I know there are a lot of priorities with Actiontiles however getting blueiris working without the constant nagging (its very random) of a user name and password would be a great bug fix. I have already removed authentication from LAN only as seen in the photo below. I am running actiontiles in FULL SCREEN in safari. A lot of people have apple products and Blueiris and I think it is worth moving these bug fixes to the top of the list. I am also an Android snob but apple products look so much nicer on the wall :)  Please feel free to reach out to me if you need access to my servers. Thanks again Terry to you and your team for all your hard work.






Kitchen Ipad




Master Bathroom Ipad



This is awesome, gorgeous and all. but i cannot agree with shutting down security on me cameras, in lan or out of lan. i run 443 in and out and i wish AT had a native support for BI or at least a browser support so i can use BI web UI2. looks great tho.. 

I really appreciate you guys continuing to have this discussion. Blue Iris is more incredible than I ever knew, and the success of proof-of-concepts here are wonderful to see.


I don't have hands-on experience with the software or this configuration, so I hesitate to jump in prematurely, but I have a couple questions regarding M.a.S.e's comment...


  1. You mention "run 443 in and out"... I presume you mean SSL, https? That should work fine within ActionTiles; in fact, it's preferable. Desktop browses block embedded "mixed content" in many cases.
  2. You mention that you'd prefer to not shut down security "in LAN". I guess it's best to have multiple layers of security; but at the same time, security of the LAN (via strong WiFi encryption and router firewalling and VPN protection for any access from the Internet), quite a formidable "first moat".

There are significant hurdles to add any within-page authentication in ActionTiles to embedded sources. If a significant portion of our Customers used Blue Iris, we'd have special incentive for further research. But use of a Blue Iris or other NVR with similar capabilities (and thus a dedicated transcoding PC, etc., etc.), is pretty rare and takes a big commitment on the part of such households. I dunno; maybe crowdfunding this initiative might be an option. There are apps out there from whom we could pay for resources; but it would be a significant investment.

+1

Hey @terry, that is correct. to answer your questions specifically: 

1. Yes, that is correct. 443 SSL via stunnel both LAN and NON LAN for all of my cameras (16 total). 

2. Thats correct as well, i will never shut down what BI (Blue Iris) calls "Secure only" for LAN and NON LAN (basically encrypting the password vs plain text). . People will call me "crazy" "overkill" tell me "But its ur LAN". It doesn't matter. Security is Security. and if i can avoid putting my password in plain text i will do so. Regardless where the end client sits. Especially where i have indoor cameras all over the place. 


I completely understand the problematic of developing a "feature", that's why i never pushed while gladly paid for a license for AT. That being said, i would also gladly pay an additional 1 time fee for a "Premium Feature". 


the way that people make this work with AT is they remove the security encryption of the PWD for LAN cameras (inside your own local IP network) and then embed the username and password as plain text in the URL to the camera and add it as a media tile. To me that's a big no no.... But again, to each its own, and its the individual person decision. I personally run a tight network ship in my place :) 



Furthermore, to answer the individual who mentioned to add mac address filtering: 

3 issues: 

1. I ran out of MAC address filtering addresses capabilities with my router software (Linksys EA9500), it is maxed out at 32 and i have 62 clients connected at my house 24/7 via LAN and 15 via WiFi. (i am an extremely robust home automation and networking i know that much clients for a regular home is insane lol).

2. I am not running DD-WRT firmware, not want to. 

3. Spoofing a mac address is not that hard, its not a viable security measures. 



Disclaimer: I am not "Demanding" a feature, i am really in love with AT and its fantastic, would love to see more development in the future and will have zero problems in supporting further by purchasing a "premium" feature such as this. Terry and his team did an amazing job with AT that should be a built in functionality for ST, Samsung should be paying you for how much you have enhanced their product. 


PPS - BI is by far the most well known, established and professional 3rd party NVR software by far. 

and i can almost guarantee that every single person that is running more then 2 cameras that were not purchased as part of a closed ecosystem solution (NetGear Arlo, Samsung Cams, Nest Cams, etc) is probably using BI. 

Having support for BI is something i would look into, maybe even reach out to BI developer (Ken is his name) to ask for his public API. 


Thanks again for an amazing product. 

+1

Buy a router that supports more MAC address filtering than the capped 32 you currently have.  It seems you are making this harder than it has to be. Trust me I am very big on security but unless someone hacks your wifi (if that is the case your IP Cameras user/pass will not be a problem either) or plugs directly into your LAN port I don't see an issue. The only way someone can spoof a mac address is first they would need your mac address, in that case they are already in your network and its already to late.

Hi, how did you run AT FULL SCREEN in safari? I have an ipad air. Thanks

Try creating a bookmark to home screen.  Then open it that way.

+1

If you are worried about LAN security turn on port security and/or allow only verified MAC's on your network.

I am noticing my CPU usage on my Blue Iris server increase about 5-10% more per stream when using these streams:

http://BI_IP:BI_PORT/mjpg/Cam_Short_Name/video.mjpg

Anyone else experiencing this?

a few things: 

1. Make sure you are direct to disk recording. 

2. Allow more threads and priority to the BI service if running on windows. 

3. Reduce the PFS to max 10 or 15 per camera (u dont really need more then that). 

Google Blue Iris high CPU , u will see a million recommendations. Took me a while, especially with 16 cameras .but was finally able ot bring down cpu usage to no more then 30-35%

Thanks.  I already had all that done though.

The problem is if I use the URL stream.  It adds 10% per camera when using the mjpg stream.

Then use my workaround posted below, it will not add any URL stream and wont use ur CPU. it will use the BI native android App. 

+3

Hey guys, wanted to give an update on what i have found.

i highly appreciate all of you guys who suggested solutions for not using SSL on LAN. But as i mentioned from the beginning to me that was simply a No No, LAN or no LAN. 

So i spent some time debugging and finding ways to make this work and eventually i was able to find a "workaround" .

So here is what i have done: 

i debugged the blueiris apk and analyzed its manifest, i then located the main intent the app is using to go to the main cameras views.


intent:#Intent;launchFlags=0x10000000;component=com.blueirissoftware.blueiris/com.blueirissoftware.blueiris.MainActivity;end


Once i had that i went ahead and created in action time an action tile shortcut called "Blue Iris"  where the absolute URL is the line i pasted above. 


Then i simply added another shortcut tile to my main panel with settings: "Open shotcut in the same window" . 


Then i enabled "Allow PopUp" in fully kiosk broser.



Now i have a tile in my main panel, if i click on it it takes me to all my cameras views using the blueiris app with no security compromise (or no ssl on local lan). 


This is a good workaround IMHO until we get some type of a native solution. 


Hope this helps for ppl crazy like me who are unwilling to disable ssl on local lan. 



Mase - working in IT myself I relate to your frustration with all the folks saying just disable security, its your lan, it'll be fine. I like what youve done with the workaround but cant seem to get this going myself regardless of browser. Ive created the shortcut in AT and set it to open in the existing window using the line you provided. I have blue iris installed on the device and if i bring up the panel in FF, Chrome, or Fully Kiosk when i click the link from the panel it just takes me into panel settings or refreshes the panel. It does not launch the blue iris app - have there been any recent changes that prevent this? I used an apk editor to view the manifest and it looks to be the same but im stuck here. Let me know your thoughts.

+2

Yay, someone who agrees with me lol. Kidding :) 

Putting had changed, it's still working perfect for me... It sounds like an issue with the pop-up or the link. Would you mind adding screenshots of your settings in fully and at and I'll compare to mine. It sounds work. 

Its not working for me either. Followed your steps exactly, trying in FF, Chrome and samsungs browser(didnt try fully since its not on my phone and blue iris isnt installed on my fire tablet) but when I try it in any of the browsers, when I click the shortcut in action tiles, it asks me what app I want to open, but BI is not one of them :(.

Would very much prefer this work around as to not waste CPU.

+2

it is still working flawless for me.... 

in order for it to work you need to allow for "popup" tabs on your browser. 

also you need to ensure that the intent is 100% accurate. 

what OS do you have ?version... maybe run this app: 

https://play.google.com/store/apps/details?id=com.dexplorer

open BI with this app, open the BI manifest file and validate that the intent line is the same as in my guide. 

there is no reason why this should not work for u . 

please provide more in depth details of ur config so we can try to find where is ur misconfig.

Hi Mase, 


Thanks for responding. I am using the blue iris version 2.0.50. I am using a note 8 trying to get it to load, running Android 7.1.1. All the browsers I've tried have not worked so far, popup enabled. I went ahead and installed fully on my phone to try it as well, and still no go. Using Dex does show the intent is the same.

Just to throw this out there, I tried with other apps, snapchat and harmony, and they didn't work either.

+1

if no other apps working, u gota be missing a config...

do this: enable Fully Kiosk browser admin support and here i am adding ALL of the fully config and also my AT shortcut example... let me know if after u replicate the config here if its still not working. 

You are the best man! Got it working. Never saw the option before but I had to enable "open url schemes in other apps". All settings were the same till I got to that one. Enabled it and checked if it worked and it Did! Thank you so much for This! Might want to add to make sure that setting is enabled in fully kiosk to your instructions for future dummies like me :). Not sure it will work in other browsers either, unless they have that specific code. Either way though, only need it for fully. 

+1

YAY

im happy !!! 

glad we got it working, and yup - editing my youtube description now :)

Is there a button that allows you to return to the main tile once you've opened this? It's just a direct link to the BI app right?

In Fully configure that home button bring you back to "start URL". This will enable home button back to AT. and yes, its a direct launch to BI APP

+1
Answer

Working Solution for Blue Iris Integration into Action Tiles that features;


  1. Over standard HTTPS with User / Pass Authentication
  2. More than 6 cameras coming from same BI server
  3. Full MJPG


For the TLDR version, basically run Apache web server as a reverse proxy to the BI  server and have multiple sub domains reverse peroxided to BI, with each one supporting 6 concurrent connections in Chrome.     


Now in in depth how my setup works:


1) Blue Iris is configured as below:



2) Apache's httpd-ssl.conf file is configured as follows.  (Only relevant sections, not full httpd-ssl.conf file!)


Download httpd-ssl.conf File.



3) Urls used with Action Tiles:


First 6 Cams: https://cctv.mydomain.com/mjpg/ShortCamName/video.mjpg?user=BIUSER&pw=BIPASSWORD


Next 6 Cams: https://cctv2.mydomain.com/mjpg/ShortCamName/video.mjpg?user=BIUSER&pw=BIPASSWORD




And that is pretty much it; however it is worth noting:



  • I only have 9 cams, so only need two sub-domains. Additional sub domains can of course be created, with each one supporting 6 concurrent connections to the BI server.

           I suspect Chrome regards each sub-domain (what is then reverse peroxided to the BI server) as a 

           separate destination/resource/server.


  • I have a static WAN IP, however you may use a DDNS service if you don't have access to a static WAN IP.



  • My Router/Firewall has Port 80 and Port 443 opened to the local IP of my Apache web server. (Same physical server as BI)



Hope someone finds this useful!



Just to check, http://{USERNAME}:{PASSWORD}@{BI_SERVER_LAN_IP}:{PORT}/mjpg/{CAM_SHORT_NAME}


This format does not work currently correct? Due to browsers not liking the User/Pass @ server format? Is there a way to create a stream in blue iris that action tiles can see? Or is the best integration a link to Blue Iris as shown above?

Embedded content in the form "user:password@address" format is blocked by Chrome, Android Webview ("powered by Chrome" ... which pretty much includes Fully unless you are on an old version of Android), and some other browsers.


Unconfirmed, but I believe that Firefox does not block this (yet).


Google has not offered a workaround for Chrome or Webview. So streams URL must either have no user:password (and the browser might prompt for them; or use an unprotected stream on your LAN), or the source must accept parameters instead (i.e., something like https://address/stream.cgi?user=x&password=pwd).

Anyone have a suggestion for an unprotected LAN stream? I'm only using it on one device running ActionTiles, the rest of my devices will be using the BI app.

I have it set to not require authentication for local LAN, and below is an example URL.  The URL in a browser opens the stream just fine.


http://192.168.1.25:8082/mjpg/Front_Lawn/video.mjpeg

Just found this article after discovering ActionTiles... I currently run a BI server pushing video to a bunch of rpi3's all over the house with 10in touchscreens.  What my wife's been complaining about is having to open Smartthings and or BI when she needs a quick view on what's happening around the place.


I really don't want to open up my camera's to the outside world, so how is anyone doing this on their local LAN with out exposing their camera's publicly?  If there's a way to do this, having the camera's and action tiles on one screen, I'm sold and would drop $100 instantly.


In reading down the thread, it looks like you have to open up your camera's to point to a ddns.  I'd prefer to keep any video feeds from ever being exposed externally, no matter how secure ssl etc is. 

I really don't want to open up my camera's to the outside world, so how is anyone doing this on their local LAN with out exposing their camera's publicly?

If you only want to view your BI cameras on your LAN, then, since you are already behind a NAT Firewall (built into your broadband connection / router), then you are NOT exposing your camera's to the outside world, even with no password.


Of course, if you have any malicious backdoors to your LAN (e.g., any device with malware) those could route packets from your BI to outside requester, but that would be a very unusual scenario. Most malware is used to launch mass denial-of-service attacks, or crypto-coin mining, etc. ... not as a LAN access proxy.


To add further security, you could put your Blue Iris & ActionTiles on a VLAN and apply additional firewall rules.


...Terry.

correct, the cameras are behind a pfsense firewall on their own VLAN.  The pi running the screen and action tile chromium in kiosk mode can access the internet for Smartthings and action tiles only. everything else is restricted.


I've tried the mjpeg under media for the camera types and for what ever reason they don't seem to load.  I was thinking it was due to the previous comments in quickly glancing over that you had to expose them publicly, so action tiles could bring the image into the page.  adding local mjpeg urls to the media section result in a blank box.  


I will go back and double check the urls and try the on another machine to make sure I didn't goof anything.  I was trying to make sure it could be done, adding cameras to the AT interface, linking to a LAN url with cameras that have no access to the Internet.

adding local mjpeg urls to the media section result in a blank box. 

Please try testing this using a desktop browser (Chrome or Firefox) so you can use F12 for browser debugging and find out why the box is blank. One possibility is that the browser is demanding SSL for the embedded object (though, frankly, this behavior varies between desktop and tablets at the moment - I'm not sure why).


Regardless, I can definitely assure you that only LAN access is required. ActionTiles does not route video through any portion of our cloud. If any "internet" is used, then that is solely due to your choice of URL and/or camera settings.

figured it out.  it's because urls with embedded credentials for the mjpeg stream are blocked in new versions of Chrome.  deprecation, sub resource requests who's URLs contain embedded credits are blocked.  see this url blah blah. 


So it works on my tablet, great.  But will not work in default chromium on RPI3.  Goal being to get a 22in touch screen, PIR sensor for auto on off with motion.


Can someone please go over this in more detail. I cant seem to get it to work.

http://BI_IP:BI_PORT/mjpg/Cam_Short_Name/video.mjpg


BI_IP - Is this the actual camera ip or blueiris system ip under settings?

BI_PORT - which one is this (discovery camera/system?) There are alot of different ports in settings

Short name I made the same as name to keep it simple

I have seen mjpg or mjpeg listed, does it matter?

Having this same issue with Blue Iris. Did you find a solution

IP is the IP of the server. 

Port should be 81

Short name will direct it to which camera so you can use the same link and just change a few characters. 

My link uses mjpg