Community Tip - Did you get called away in the middle of writing a post? Don't worry you can find your unfinished post later in the Drafts section of your profile page. X
HI,
I am trying to implement live cctv stream in twx mashup using video player or webframe widget.
But my cctv media server is restricted and that server functions internally and twx is deployed on aws.
And our clients will be using the web browsers at various locations in different countries.
My idea is like whitelisting Twx server ip on my media server so twx can access feeds, we can provide it as URL's so I can use it in widgets.
My doubt is whitelisting twx is enough for this implementation ?? , I don't know about the actual widget functionality .. whether twx will call those links or it will be called from clients ip ?
suggest best implementation idea's
Solved! Go to Solution.
Unfortunately if you are using some 'video player' type widget, it will be calling the URL from the Client IP not ThingWorx ip
Unfortunately if you are using some 'video player' type widget, it will be calling the URL from the Client IP not ThingWorx ip
The easiest of course would be to open that specific port.
My knowledge about video streams and its access isn't that great, so I'm not sure if some sort of token or session can be established to add additional security.
If embedded access is allowed, you can use an iFrame (web frame widget) perhaps and force a login.
Or just give the URL and make a user open that video stream in a separate browser window.
This is not exactly my area of expertise, but here is how I'd try to approach the task...
You could probably configure a reverse proxy server on the ThingWorx server and keep using widgets with address pointing to ThingWorx server itself, just a different port.
This will expose the CCTV stream to anyone knowing the address and port, though, so additional security measurements would be needed. The simplest one is configuring a basic authentication on the reverse proxy.
This is by no means an elegant and production-ready, but probably could get things done for a PoC / demo.
The next step would be configuring SSO for the reverse proxy to make things sleek and secure, but this would probably require some support from the IT department.
Check the links below for more details.
https://stackoverflow.com/questions/65474980/how-to-use-nginx-for-proxy-rtmp
https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
https://github.com/Luzifer/nginx-sso/wiki/Nginx-Reverse-Proxy-for-homelab-services-using-SSO