IP Camera Viewer, URLProxy, and Force Secure Redirect

JohnBomb · September 22, 2022, 2:09pm

Hey all! I’m working on trying to better secure my Ignition Gateway, so I’d like to switch everything over to SSL communication. I’ve mostly got it figured out but I have one issue still remaining with some Vision windows that use the IP Camera Viewer.

My gateway has two network interfaces, one to the “controls” network (which includes the IP cameras) and the office network. The IP Camera Viewer block uses the Gateway’s URLProxy (http://ignitiongateway-officenetwork:8088/main/system/urlproxy?url=http://webcamIPonControlsNetwork…) to access the camera feed so clients on the office network can see the cameras too. But these IP Camera Viewers break when I turn on Force Secure Redirect.

I’ve changed the URLs to (https://ignitiongateway-officenetwork:8043/main/system/urlproxy?url=http://webcamIPonControlsNetwork…) but I still get an SSL exception error. If I pull the URL up in my web browser (https/8043) on the office network I can see the camera feed just fine, but for some reason the IP Camera Viewer in a Vision Window still can’t if Force Secure Redirect is on.

This is the error I get in IP Camera Viewer:
2022-09-22_07-43-48

Any ideas how I can get this working? I tried toggling “Use Proxy Forwarded Headers” and that didn’t help.

plo · October 3, 2022, 10:32pm

Hello JohnBomb,

Do you see the error in the Designer? I wonder if this is similar to this forum post - Valid Certificate Path Problem
Where they were able to add the certificate to the Vision Clients in the .ignition/clientlauncher-data/certificates directory to authenticate there.

I suggest opening a Support to help troubleshoot this issue if it is possible or not. Please contact us here! We would like to review your Certificate and see what else we find in the logs
https://inductiveautomation.com/support/home/

JohnBomb · October 13, 2022, 2:51pm

I see the error in Designer and in Vision.

The certificate is in .ignition/clientlauncher-data/certificates and Designer and Vision are both accessing the Gateway via https using the certificate. The camera views work fine when I connect via SSL and Force Secure Redirect is off. Its only once I force everything to SSL only that it breaks.

I thought it might be because the cameras are not SSL maybe it doesn't like the SSL urlproxy accessing a non-SSL site on the other side? But if I pull up the URL doing that (SSL from client to gateway, non-SSL from gateway to camera) in my web browser I can see the camera feed fine, the IP Camera Viewer just doesn't want to.

I'll open a ticket soon, I need some downtime in production to test and generate some more logs since I don't have a test environment. The last time I tried it has rolled off the log already.

Thanks!

TANVEER_AHMAD · December 27, 2022, 4:56am

Hello John Bomp
I am facing similar issue , have you resolved ?
also try to find this ignoreCertValidation=True path

please reply

JohnBomb · December 28, 2022, 2:24pm

Inductive confirmed this is a bug in the IP Camera Viewer module and that I'd have to wait for them to release a fix in a future Ignition update. They recommended using the web browser component module in the meantime as a workaround, but my company didn't pay for that in my license so you could use that if you have it.

TANVEER_AHMAD · December 29, 2022, 6:23am

JahnBomb Thanks for update

JohnBomb · March 23, 2023, 1:18pm

I was told this would be fixed in release 8.1.26

marwane.gannoun · April 17, 2023, 7:55pm

I have the same problem. Can I contact you in order to share with you the whole steps to solve this?
Thanks.

Chris_W · October 28, 2024, 7:53pm

Did you figure this out?