-
The DNS names used by clients to access XProtect must match the DNS names XProtect is configured to use. If the client cannot resolve the DNS names seen in Management Client, things will not work regardless of what DNS name you use to login to XProtect. This is because after a successful login, the client receives a configuration from the server with a list of recording server URLs, registered service URLs, and more.
-
Because of the DNS thing explained above, you'll have to come up with your own strategy for handling DNS resolution on the proxy server(s) and/or clients. Essentially, you need to do split-horizon DNS resolution where clients resolve to the address of the reverse-proxy while the reverse-proxy resolves the same DNS names to the actual Milestone server(s).
-
So far I am still having trouble logging in with Smart Client using a Windows user through Traefik. The IDP component on the Management Server logs an error. But I can login using a basic user and presumably an SSO user using an external OIDC identity provider since that is effectively the same as a basic user login.
Last active
May 22, 2025 18:13
-
-
Save joshooaj/d35d95b964d9ffd0c35162995d8d0969 to your computer and use it in GitHub Desktop.
Traefik reverse-proxy configuration example for XProtect VMS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| entryPoints: | |
| web: | |
| address: ":80" | |
| http: | |
| redirections: | |
| entryPoint: | |
| to: websecure | |
| scheme: https | |
| websecure: | |
| address: ":443" | |
| http: | |
| tls: {} | |
| vms-recorder: | |
| address: ":7563" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http: | |
| routers: | |
| vms-ms: | |
| entryPoints: | |
| - web | |
| - websecure | |
| rule: "Host(`management.example.com`)" | |
| service: vms-ms | |
| tls: {} | |
| services: | |
| vms-ms: | |
| loadBalancer: | |
| servers: | |
| - url: "https://management.example.com" | |
| tcp: | |
| routers: | |
| vms-rs: | |
| entryPoints: | |
| - vms-recorder | |
| rule: "HostSNI(`recorder.example.com`)" | |
| service: vms-rs | |
| tls: {} | |
| services: | |
| vms-rs: | |
| loadBalancer: | |
| servers: | |
| - address: "recorder.example.com:7563" | |
| tls: true |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment