I’ve setup a test system on a spare desktop running Ubuntu 20.04 and bluecherry 3.1.0-rc4 from the deb/repo. Initially testing looked fairly good and it’s been running for a few weeks. I tried to login today via the web UI and I can’t get past the login screen. I put in the user name and password, press enter, and green button changes to “loading…” and that’s all that happens.
Looking at the login request via devtools in my browser, the server never responds.
I’ve done a full reboot as well as restarted nginx.service, bluecherry.service, and php7.4-fpm.service with no luck. I am able to connect to the default nginx on port 80 and it loads the page.
Same problem. Everything goes fine with windows client. Web interface doesn’t logging in.
After entering username and password - “loading” couple min, then “504 Gateway Time-out”
We are working hard on resolving this, we currently have two affected customers who have provided us SSH access which is helping. If you want to be the third let me know ;).
I was just one of those who gave access to the system via ssh, I just can’t keep it open all the time for security reasons, but I can open it for the duration of your maintenance.
hey, @heibert I’m also granting ssh access for the same issue.
for ssh security you could always enable fail2ban. I know I had a lot of chinese IP’s knocking on my ssh port.
I have the following in place to disable IP’s after 3 failed logins which also send me an email.
I also have a simple command in bashrc that emails me anytime somoene logs in.
if you have any question on setting this up, feel free to reach out.
#install mail and SMTP
apt install mailutils msmtp msmtp-mta -y
vi /etc/msmtprc
defaults
auth on
tls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
logfile ~/.msmtp.log
account gmail
host smtp.gmail.com
port 587
from MAKE-A-NAME@gmail.com
user GMAIL-USER(excluding@gmail.com)
password PASSWORD
account default : gmail
test with: echo "Message" | mail -s "$HOSTNAME" EMAIL@protonmail.com
#install fail2ban
apt install fail2ban -y
systemctl enable fail2ban && cp /etc/fail2ban/jail.{conf,local} && vi /etc/fail2ban/jail.local
bantime = -1
destemail = EMAIL@protonmail.com
action = %(action_mw)s
systemctl restart fail2ban
#enable email for all ssh logins (debian 11)
vi /etc/bash.bashrc
echo 'ALERT - apl-srv login on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`" EMAIL@protonmail.com
Thanks, that sounds like a good solution, but i have a large home network with a lot of devices and several servers. I direct the router to the device i need in its configuration as needed, otherwise keeping open ports to a minimum.
But I think I know where to apply your solution, thanks anyway!
Hello,
I had the same issue, but since I was moving off of a Physical server to a VM server instance, I have just reloaded it as a VM and since parts out the old server. At this time I do not have SSH ports open. At current moment the VM DVR systems seems to be working. I might be a 3rd person well at least a 3rd person to report that I also experienced this. If it happens again, I will open up SSH and reach out to support.
Question, if we can’t log in, I assume the cameras are still recording?
On a side note, I don’t want to say the only people using this DVR system are diehard Linux / Unix users, but for beginners and people who like a GUI, Take a look at WEBmin. It is web based and you install it on the DVR box. Listens on port 10000. They have a GUI web page section where it lists the services so if you wanted to stop and start Bluecherry DVR service you could use that as a tool. I am also a person who will from time to time Delete the recordings and I use the file manager utility to for to the recordings folder and delete what I want. If you are not local to the DVR box you might like webmin.
I just wanted to say, I also ran into this issue. It would happen after about a week or so of running. I created a cron job to restart the service every other day to get around this issue for now.
After tearing about the code we found two issues related to this problem, the most significant is a newly added section of code in RC3 for bc_check_media() which scans for files that are deleted from the filesystem (manually) but still show up in the database.
This code causes CPU usage to be maxed out. This will be fixed in RC6.
Jul 19 12:21:25 ptsnvr bc-server[1505]: I(2/side): Switching to new recording schedule ‘motion’
Jul 19 12:21:25 ptsnvr bc-server[1505]: I(2/side): motion algorithm is set to 1
Jul 19 12:21:25 ptsnvr bc-server[1505]: I(2/side): frame downscale factor is set to 0.500000
Jul 19 12:21:25 ptsnvr bc-server[1505]: I(2/side): min_motion_area_percent is set to 10
Jul 19 12:21:25 ptsnvr bc-server[1505]: I(2/side): max_motion_area_percent is set to 90
Jul 19 12:21:25 ptsnvr bc-server[1505]: I(2/side): max_motion_frames is set to 20
Jul 19 12:21:25 ptsnvr bc-server[1505]: I(2/side): min_motion_frames is set to 15
Jul 19 12:21:25 ptsnvr bc-server[1505]: I(2/side): motion_blend_radio is set to 15:1
Jul 19 12:21:25 ptsnvr bc-server[1505]: I(2/side): motion_debug is set to 0
Jul 19 12:21:25 ptsnvr bc-server[1505]: W(2/side): Failed to initialize VAAPI decoder for stream