Hi,

I love the new telestrator feature introduced in the new vMix 28 beta.
However, I encountered a small issue when attempting to load the telestrator page via HTTPS using a proxy service, such as Cloudflare Tunnel or ngrok.

When accessing the page over HTTPS, it returns the following error: "SecurityError: The operation is insecure."
After some investigation, I believe this issue arises because the webpage is hard-coded to use ws:// for WebSocket connections, without accounting for whether the page was loaded via HTTPS.
Here’s the relevant code snippet:


I tested a workaround using Tampermonkey to replace ws:// with wss://, and it resolved the issue. You can see my Tampermonkey script here:https://gist.github.com/Unieveth/f4f0d63b365f209cd772919bdc1dc736

Would it be possible to update the telestrator code to check "window.location.protocol" and dynamically switch to wss:// when the page is loaded over HTTPS? This change would allow users to send a telestrator link to remote talent without requiring port forwarding if they have a tunnel running.

Best,
Unieveth

I’ve been able to use /controller and /tally over HTTPS without any issues for the past few years. The way Cloudflare Tunnel works is essentially as a reverse proxy.
Additionally, there’s a lightweight Cloudflare Tunnel client running on a server within my network. This client establishes a secure connection between my local network and Cloudflare’s infrastructure.

Here’s a simplified flow of how it works:
HTTPS Domain -> Cloudflare/Reverse Proxy -> vMix Instance

For example, when I visit a domain like vmix.example.com, the request is first sent to my reverse proxy (Cloudflare), which then forwards it over HTTP to the vMix instance running locally on my network. This allows me to securely access the vMix web interface over HTTPS.

I’ve attached a screenshot of my reverse proxy configuration for reference.



It’s worth noting that the vMix HTTP server doesn’t need to natively support HTTPS for this to work. Instead, the issue lies specifically with the /telestrator page’s JavaScript. If the script could check whether it was loaded via HTTPS (e.g., using window.location.protocol) and dynamically switch WebSocket connections from ws:// to wss://, this would resolve the problem without requiring any changes to the vMix server itself.


Currently, my fiber provider uses CG-NAT networking, which means I don’t have a public IP address and am unable to set up port forwarding. To work around this, I use Cloudflare Tunnel to expose local services running on my network to the internet.

Additionally, using HTTPS via a service like Cloudflare provides better security. For example, I can require Single Sign-On (SSO) authentication before allowing access to specific web pages, adding an extra layer of protection.

I’ve contacted my provider about getting a public IP, but unfortunately, they don’t have any plans to offer private IP addresses in the near future.