Video.ui.com workaround

I have been using unifi video via video.ui.com for a while now to provide access to various NVRs at the same complex as it is easy for my boss to use and move between buildings while they are away. They typically use the unifi video app to accomplish this.

I have setup a nginx reverse proxy that routes let you access various NVRs based on FQDN from a browser yet only utilizing one public facing IP. This works great but when manually adding it to the app this only lets me view the recordings but no the livestreams. The livestreams work from a browser but I assume not the app because it uses port 7446 with the IP and not the hostname.

Would anyone be able to confirm that this is the case and any potential work arounds?

I can post a sanitized version of my nginx site config that helps.

I have not tested as we have been moving people over to protect. Here are the ports needed.

@egagne Might be to late of a response but I ran into the same issue as you. There was two things that I had to do to solve it. This also may help anyone that lands on this page.

One of the main issues, I believe, is caused by Nginx being in the internal network proxying from a https: 7443 to the http: 7080 port. If you look at the network requests in DevTools When visiting the web interface with a browser you will see a request uri ending with url after clicking on the LIVE FEED button. This request send back a JSON object and inside that object is the uri’s that the application uses to access the cameras live stream. What seems to be happening is the Unifi Video api is returning the internal IP of the unifi video server instead of the host in these uri’s that it is sending back. When you are outside the network the path for the stream can not be reached since it is pointing to an internal IP.

To resolve the unifi server from sending its IP instead of the host. I had to point nginx DNS to our internal DNS server. And create the same entries in our internal DNS as our external DNS for each server. But on the internal DNS point it at the unifi servers IP’s. That way you can use Nginx variables so that Nginx will pass the correct Host headers and port to unifi so that it responds with the correct hostname in the url response.

Note: If you do not have internal DNS servers you can just modify the servers host file and create entries to point to each unifi server.

Here is my server block config. You can see both the server name and the proxy pass are the same.

server {
    server_name your-unifi-server-one.domain.com;
    listen 7443 ssl http2;

    ssl_certificate      PATH/TO/YOUR.crt;
    ssl_certificate_key  PATH/TO/YOUR.key;

    location / {

        #proxy pass
        proxy_redirect          off;
        
        # Note that the host is the same as server_name above. I used https :7443. If you use http :7080 you must change proxy_set_header Host from $proxy_port to $server_port below.
        proxy_pass https://your-unifi-server-one.domain.com:7443/;
        
        # This is the header that needs to be set with the port variable as well. When I did not have the port set unifi video api responded with the ip instead of the hostname url request.  If using http :7080 in proxy_pass above use $server_port variable instead of $proxy_port.
        proxy_set_header         Host $host:$proxy_port;
        proxy_connect_timeout   5;
        proxy_read_timeout      240;
        proxy_intercept_errors  on;

        location / {
            # Same as above.
            proxy_pass https://your-unifi-server-one.domain.com:7443/;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";


        }
    }
}

server {
    listen 7446 ssl http2;

    server_name your-unifi-server-one.domain.com;

    ssl_certificate      PATH/TO/YOUR.crt;
    ssl_certificate_key  PATH/TO/YOUR.key;

## WebSockets
    location / {
        # I used https :7446 but http 7445 works and you can use either the hostname or ip here. It is not affect by the host header issue.
        proxy_pass https://your-unifi-server-one.domain.com:7446/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
}


server {
    server_name your-unifi-server-two.domain.com;
    listen 7443 ssl http2;

    ssl_certificate      PATH/TO/YOUR.crt;
    ssl_certificate_key  PATH/TO/YOUR.key;

    location / {

        #proxy pass
        proxy_redirect          off;
        
        # Note that the host is the same as server_name above. I used https :7443. If you use http :7080 you must change proxy_set_header Host from $proxy_port to $server_port below.
        proxy_pass https://your-unifi-server-two.domain.com:7443/;
        
        # This is the header that needs to be set with the port variable as well. When I did not have the port set unifi video api responded with the ip instead of the hostname url request.  If using http :7080 in proxy_pass above use $server_port variable instead of $proxy_port.
        proxy_set_header         Host $host:$proxy_port;
        proxy_connect_timeout   5;
        proxy_read_timeout      240;
        proxy_intercept_errors  on;

        location / {
            # Same as above.
            proxy_pass https://your-unifi-server-two.domain.com:7443/;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";


        }
    }
}

server {
    listen 7446 ssl http2;

    server_name your-unifi-server-two.domain.com;

    ssl_certificate      PATH/TO/YOUR.crt;
    ssl_certificate_key  PATH/TO/YOUR.key;

## WebSockets
    location / {
        # I used https :7446 but http 7445 works and you can use either the hostname or ip here. It is not affect by the host header issue
        proxy_pass https://your-unifi-server-two.domain.com:7446/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
}

Some other things to check. Make sure your Nginx firewall ports are open for the ports you use. 7080, 7443,7445, 7446 and those ports are being forwarded out your gateway thought your Nginx’s IP.

A strange thing I am experiencing that I have not figured out yet. Is on the second server. The live feed does not work externally at first in the Unifi Video app. It just turns black. To get it to work I have to be on the internal network then connect and start a live feed. Then go to the switch nvr screen. Disconnect from the internal network and use my mobile network. Then reconnect to the second NVR and start the feed and it seems to work. Not sure if this is a bug in the app or if the app tries using 7447 video stream and does not fail over at first. I need to look more into this. It breaks every time you close the app or restart your phone.