Groov acting as a proxy server

I am trying to use a Groov appliance video gadget, with Groov acting as a proxy server. When the “Use Groov as proxy” is not selected, the video feed comes through fine; the moment I select “use as proxy”, it stops working and only the empty gadget frame appears. Here are some details about my question and network configuration:

On the Groov box I am using both the Eth0 and Eth1 ports. The Eth0 port is configured using a subnet that has access to the internet (Lan-1), so is less secure. The Eth1 port is a different subnet (Lan-2), which is meant to be totally secure, and it doesn’t have direct access to the internet. The controller, brain boards, and cameras, are on the secure network (Lan-2). When I access Groov through Lan-1 (Eth0), I am able to see all of the controller tag values except the video gadgets. I was under the impression that by selecting “Use Groov as proxy” that the video stream would also be sent through to Lan-1. Do I have a correct understanding of how this should work? Or, perhaps I have something misconfigured? Thanks!

When you have that proxy option turned on, the flow of information goes something like this:

  1. Your web browser requests an image from the video camera from your groov appliance.
  2. The groov appliance then requests the image from the camera.
  3. If/when it gets an image back, it serves that image back up to the browser.

That can fail if the groov appliance can’t reach the camera for some reason (DNS being a common one), or if the camera uses an HTTPS connection with a certificate that isn’t signed by a well-known authority.

It seems like I have it setup like that. The Groov appliance can definitely reach the camera through Lan 2 (Eth1). (The video gadget works fine if the proxy box is not checked…) The problem seems to be that Groov can’t process the video gadget display request, coming from Lan 1 (Eth0), to display on Groov.

PS - The camera doesn’t use a https connection with a certificate. It would seem that if the DNS settings were an issue that the video gadget wouldn’t ever work. Not sure though…

Additional note: The video gadget works under the following circumstances:

  1. When the Use Groov as proxy is not checked.
    2.When the browser interfacing with Groov has a connection to both Lan-1 and Lan-2.

Under any other circumstance the video gadget doesn’t work.

If that proxy box isn’t checked, then the web browser is accessing the camera directly, the groov appliance isn’t involved at all.

Does the camera have an address that’s routable on the public internet? And are you addressing it via a hostname or by IP address?

  1. No, the camera’s IP address is not routable on the the public internet. Since the camera is on the “secure” LAN along with the Opto controllers, etc, we thought that by 1) using Groov as proxy, and 2) with Groov port Eth0 being routable on the public internet, that Groov would make the connection between the 2 lans and hand-off the camera images…

  2. The camera is being accessed by it’s IP address.

Are the cameras on the same subnet as eth1 or is there routing involved in getting to them?

Yes, the cameras are on the same subnet as eth1.

Have you looked in your groov logs at all? Check for any messages from ReProxyServlet; that’s the name of the service that acts as a proxy for video camera. As an example, when I deliberately added a broken link and tried to proxy it, I see this in my log:

Jul 8, 2019 3:58:18 PM WARN com.opto22.groov.server.ReProxyServlet - Error occurred when connecting to URL null: Connect to 10.192.57.110:80 [/10.192.57.110] failed: Connection refused (Connection refused)

I did look at the log. It doesn’t state any of the IP information like yours. Is there a way to tell whether it was Eth0 or Eth1 that tried to access the gadget? Eth1 should be accessing the camera and passing the image out through Eth0, since only Eth0 is connected to the internet. Please see below.

2019-07-08, 21:11:34 GMT-04:00 WARN com.opto22.groov.server.ReProxyServlet - Error occurred when connecting to URL

I think we’ll need to move to product support at this point: there’s probably some detail in your routing setup that’s confusing things, so let’s move somewhere safe to discuss your setup.