I briefly looked at implementing TLS in the uvloop/llhttp server and it appears non-trivial to say the least. Adding a simple nginx reverse proxy in front (or any other comparable service) seems quite a lot easier. However, I found that the go2rtc endpoints also need to be separately proxied. Some endpoints worked as-is, but /go2rtc/api/ws in particular did not as it uses websockets. In getGo2rtcBaseUrl() there is a reference to the go2rtc base URL changing if there is a reverse proxy in front of the system, and I was able to infer the proper configuration for nginx. I'll add the nginx configuration I used to get live views working once my VPN comes back online (temporary outage).
It would be nice to have some clear documentation on what endpoints need to be forwarded if a reverse proxy is set up in front of lightNVR. So far I have / to http://127.0.0.1:8080 and /go2rtc to http://127.0.0.1:1984/go2rtc, but I don't know whether any other endpoints are expected.
I briefly looked at implementing TLS in the uvloop/llhttp server and it appears non-trivial to say the least. Adding a simple nginx reverse proxy in front (or any other comparable service) seems quite a lot easier. However, I found that the
go2rtcendpoints also need to be separately proxied. Some endpoints worked as-is, but/go2rtc/api/wsin particular did not as it uses websockets. IngetGo2rtcBaseUrl()there is a reference to the go2rtc base URL changing if there is a reverse proxy in front of the system, and I was able to infer the proper configuration for nginx. I'll add the nginx configuration I used to get live views working once my VPN comes back online (temporary outage).It would be nice to have some clear documentation on what endpoints need to be forwarded if a reverse proxy is set up in front of lightNVR. So far I have
/tohttp://127.0.0.1:8080and/go2rtctohttp://127.0.0.1:1984/go2rtc, but I don't know whether any other endpoints are expected.