Can't get unifi streaming video to work with Caddy

mk20158 · January 15, 2019, 6:44am

I have a Unifi Video server and I’d like to proxy that with Caddy

I posted in the Unifi forums and they said:

I’m not familiar with Caddy, and we can’t really offer much in this regard, but you will need to take into account that UniFi-Video opens web-sockets for streaming from the NVR on ports 7445 (http) and 7446 (https).

If in your browser console you’re getting refused connections, you’ll likely need include another rule/block for serving requests to that content.

How do I go about fixin this?

Caddy File:
    https://uvideo.XXX.duckdns.org {
            tls self_signed
            proxy / https://10.1.20.102:7443 {
                    websocket
                    transparent
                    insecure_skip_verify
            }
    }

Whitestrake · January 16, 2019, 1:05am

Hi @mk20158,

Did a quick search and found a couple of resources:

https://help.ubnt.com/hc/en-us/articles/217875218-UniFi-Video-Ports-Used
https://community.ubnt.com/t5/UniFi-Video/UniFi-Video-amp-Nginx-Reverse-Proxy/td-p/1760469
https://www.reddit.com/r/homelab/comments/8bkae6/unifi_video_choppy_when_self_hosting_over_nginx/

Along with the response you got on the Unifi forums, it seems like you’ll need to open those ports and forward them. If you forward them to the NVR, that should be fine, but if you forward them to Caddy, you can configure Caddy to proxy back to the NVR for these ports.

https://uvideo.XXX.duckdns.org:7446 {
  tls self_signed
  proxy / https://10.1.20.102:7446 {
    websocket
    insecure_skip_verify
  }
}

http://uvideo.XXX.duckdns.org:7445 {
  proxy / 10.1.20.102:7445 {
    websocket
  }
}

mk20158 · January 16, 2019, 8:18am

Thanks for the insight.

I put in that configuration and I did a packet capture and I definitely see my external request hit Caddy with requests for 7446 however my packet capture does not see Caddy request any 7446 to the nvr (or any device)

any idea?

https://uvideo.XXX.duckdns.org {
        tls self_signed
        proxy / https://10.1.20.102:7443 {
                websocket
                transparent
                insecure_skip_verify
        }
}

https://uvideo.XXX.duckdns.org:7446 {
  tls self_signed
  proxy / https://10.1.20.102:7446 {
    websocket
    insecure_skip_verify
  }
}

http://uvideo.XXX.duckdns.org:7445 {
  proxy / 10.1.20.102:7445 {
    websocket
  }
}

Whitestrake · January 16, 2019, 10:06am

Throw

log /var/log/7446-access.log
errors /var/log/7446-errors.log

in the 7446 section and see what Caddy reports when you try the connection.

mk20158 · January 16, 2019, 11:33am

looks like the log set up properly, just nothing logged. I also posted the tcp dump just capturing port 7446. Caddy is receiving the requests not forwarding them it seems because i see no traffic requesting it from the recorder.

root@caddy:~# ll /var/log
total 738
drwxrwxr-x   9 root      syslog              27 Jan 16 11:09 ./
drwxr-xr-x  14 root      root                16 Jan 16 07:59 ../
-rw-r--r--   1 root      root                 0 Jan 16 11:06 7446-access.log
-rw-r--r--   1 root      root                 0 Jan 16 11:06 7446-errors.log

<<<packet capture on caddy device cap any traffic 7446>>>

$tcpdump -i any port 7446
11:10:55.262728 IP X.X.X.X.61622 > caddy.7446: Flags [S], seq 2698000084, win 64240, options [mss 1380,nop,wscale 8,nop,nop,sackOK], length 0
11:10:55.262777 IP caddy.7446 > X.X.X.X.61622: Flags [S.], seq 166630143, ack 2698000085, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
11:10:55.281859 IP X.X.X.X.61622 > caddy.7446: Flags [.], ack 1, win 258, length 0
11:10:55.285112 IP X.X.X.X.61622 > caddy.7446: Flags [P.], seq 1:205, ack 1, win 258, length 204
11:10:55.285135 IP caddy.7446 > X.X.X.X.61622: Flags [.], ack 205, win 237, length 0
11:10:55.285510 IP caddy.7446 > X.X.X.X.61622: Flags [P.], seq 1:616, ack 205, win 237, length 615
11:10:55.345734 IP X.X.X.X.61622 > caddy.7446: Flags [P.], seq 205:298, ack 616, win 256, length 93
11:10:55.346059 IP caddy.7446 > X.X.X.X.61622: Flags [P.], seq 616:802, ack 298, win 237, length 186
11:10:55.414631 IP X.X.X.X.61622 > caddy.7446: Flags [.], ack 802, win 255, length 0
11:10:55.668003 IP X.X.X.X.61622 > caddy.7446: Flags [P.], seq 298:329, ack 802, win 255, length 31
11:10:55.668120 IP caddy.7446 > X.X.X.X.61622: Flags [P.], seq 802:934, ack 329, win 237, length 132
11:10:55.668157 IP caddy.7446 > X.X.X.X.61622: Flags [FP.], seq 934:965, ack 329, win 237, length 31
11:10:55.668162 IP X.X.X.X.61622 > caddy.7446: Flags [F.], seq 329, ack 802, win 255, length 0
11:10:55.668173 IP caddy.7446 > X.X.X.X.61622: Flags [.], ack 330, win 237, length 0
11:10:55.687158 IP X.X.X.X.61622 > caddy.7446: Flags [R.], seq 330, ack 934, win 0, length 0

<<<packet capture on nvr device cap any traffic 7446>>>

uvideo:~# tcpdump -i any port 7446
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes

basically receives no traffic on that port.

system · April 16, 2019, 11:33am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.