logo

Live Production Software Forums


Welcome Guest! To enable all features please Login or Register.

Notification

Icon
Error

Options
Go to last post Go to first unread
Unieveth  
#1 Posted : Friday, November 22, 2024 8:35:56 PM(UTC)
Unieveth

Rank: Newbie

Groups: Registered
Joined: 10/26/2020(UTC)
Posts: 2

Thanks: 1 times
Hi,

I love the new telestrator feature introduced in the new vMix 28 beta.
However, I encountered a small issue when attempting to load the telestrator page via HTTPS using a proxy service, such as Cloudflare Tunnel or ngrok.

When accessing the page over HTTPS, it returns the following error: "SecurityError: The operation is insecure."
After some investigation, I believe this issue arises because the webpage is hard-coded to use ws:// for WebSocket connections, without accounting for whether the page was loaded via HTTPS.
Here’s the relevant code snippet:
Code:
v = new WebSocketVideo("video1", "ws://" + hostnameAndPort + "/videosocket?auth=REDACTED");


I tested a workaround using Tampermonkey to replace ws:// with wss://, and it resolved the issue. You can see my Tampermonkey script here:https://gist.github.com/Unieveth/f4f0d63b365f209cd772919bdc1dc736

Would it be possible to update the telestrator code to check "window.location.protocol" and dynamically switch to wss:// when the page is loaded over HTTPS? This change would allow users to send a telestrator link to remote talent without requiring port forwarding if they have a tunnel running.

Best,
Unieveth
WaltG12  
#2 Posted : Saturday, November 23, 2024 4:06:15 AM(UTC)
WaltG12

Rank: Advanced Member

Groups: Registered
Joined: 7/4/2021(UTC)
Posts: 310
United States

Thanks: 8 times
Was thanked: 40 time(s) in 35 post(s)
Is this the case with just the Telestrator or the HTTP server in general?

I don't recall anything on the HTTP server ever working over HTTPS, nor does the Web Controller link provide an HTTPS link.

Is there a particular reason you're trying to access it over HTTPS?
Unieveth  
#3 Posted : Saturday, November 23, 2024 5:56:35 AM(UTC)
Unieveth

Rank: Newbie

Groups: Registered
Joined: 10/26/2020(UTC)
Posts: 2

Thanks: 1 times
Quote:
Is this the case with just the Telestrator or the HTTP server in general?

I don't recall anything on the HTTP server ever working over HTTPS, nor does the Web Controller link provide an HTTPS link.

I’ve been able to use /controller and /tally over HTTPS without any issues for the past few years. The way Cloudflare Tunnel works is essentially as a reverse proxy.
Additionally, there’s a lightweight Cloudflare Tunnel client running on a server within my network. This client establishes a secure connection between my local network and Cloudflare’s infrastructure.

Here’s a simplified flow of how it works:
HTTPS Domain -> Cloudflare/Reverse Proxy -> vMix Instance

For example, when I visit a domain like vmix.example.com, the request is first sent to my reverse proxy (Cloudflare), which then forwards it over HTTP to the vMix instance running locally on my network. This allows me to securely access the vMix web interface over HTTPS.

I’ve attached a screenshot of my reverse proxy configuration for reference.

Cloudflare Proxy Config

It’s worth noting that the vMix HTTP server doesn’t need to natively support HTTPS for this to work. Instead, the issue lies specifically with the /telestrator page’s JavaScript. If the script could check whether it was loaded via HTTPS (e.g., using window.location.protocol) and dynamically switch WebSocket connections from ws:// to wss://, this would resolve the problem without requiring any changes to the vMix server itself.

Quote:
Is there a particular reason you're trying to access it over HTTPS?

Currently, my fiber provider uses CG-NAT networking, which means I don’t have a public IP address and am unable to set up port forwarding. To work around this, I use Cloudflare Tunnel to expose local services running on my network to the internet.

Additionally, using HTTPS via a service like Cloudflare provides better security. For example, I can require Single Sign-On (SSO) authentication before allowing access to specific web pages, adding an extra layer of protection.

I’ve contacted my provider about getting a public IP, but unfortunately, they don’t have any plans to offer private IP addresses in the near future.
Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.