You’re correct. Hold changes permanently change the BI profile, and the change ignores the schedule and holds through restarts. A temp change only lasts as long as the time you have set in the BI settings for each profile.
I have the Schedule in BI set to “away” all the time, just as a backup in case something weird happened, it’d at least go the the profile that records everything (per my set up anyway). You could easily disable it as well.
The pasword is coded as a password within the app, so it treats it like it does all passwords. The extra dots are not different characters. Do you have profile switching set up as well as the triggers? Do the profile changes work?
This is the part I had the most issues with as well. It didn’t work for months for me, and I changed username/password one day and it worked again. The BI triggers app and Profile switching app I reference above, and used code from, have threads full of people that have never had an issue (using the same code I put in this app). So my advice is to confirm all your settings again, and maybe try a different BI user profile (really changing all the inputs to something else, saving it, and changing them back will ensure all the variables in the app are completely reset and correct). I had a “smarththings” user in BI that was working, but was using my normal user in testing and it never worked. When I switched to the normal smartthings user, it worked fine (I use separate users in BI so I can easily see if I logged in via the BI app or if it is Smartthings doing something). As long as the IP/Port/Username/Password/Camera name are all correct, and you have it set to run Local, it should work. When it triggers, are you seeing the login on the BI status page? Even when it wouldn’t trigger for me, it showed a connection to the server.
I had no issues running it externally for 6 months, so if you don’t mind that, you don’t have to have a static IP. I set up a no-ip.com account, you can get a free dynamic DNS page (you just have to verify it every month), or you can pay for it (~$35/yr). You just set up their client on your router or computer you have BI running on (or use BI tools) and instead of needing your external IP you just have a web address to type in (that never changes, e.g. “myBIserver.ddns.org”). You don’t need a legit cert unless you’re also running Stunnel, and that isn’t cosmic to set up either. I can probably write up a quick readme for how to do that part if you want.
I’ve been bouncing around a device type idea as well. It’d be nice to see
the profile and whether the web server is online or not. Probably some
other good things to monitor there. I’m not sure how to set it up. Ideally
BI would send some kind of alerts for profile changes, but I don’t think it
does. Smartthings can poll the info (I already use the SmartPing app for
server monitoring), but that’s a bit cumbersome, especially for a device
type. I’ll keep kicking around the idea, if anyone has any good thoughts
I sent an email to BI support asking about this.
You can change a ST device status via a Post request correct? I was thinking I saw that in another smartapp I was looking at.
It should be possible to have a little utility (another cumbersome workaround) that sits on the BI machine and watches the Message Log. Anytime it sees a status change record it could post that change to a ST device.
I did this (tried everything you said above) and it ran a couple times, then quit, was sporadic, but still, the most success I’ve had among all code I’ve come across (so thanks for the hope!). One time, for example, it changed to profile 2 (my away) then when I disarmed, it attempted to change back to 1 (my home), but gave:
12:06:07 PM: debug Could not adjust Blue Iris Profile
12:06:07 PM: debug BI_Found profile 1
12:06:07 PM: debug BI_modeChange matched to Home
12:06:07 PM: debug BI_modeChange detected. Home
I also use separate users, for the same reason as you stated.
I already have this, so I’m good there… in the posts where you took some code (I’ve been following them very well, too!) a lot of people obviously don’t run this externally encrypted (wow), so see my next response!
I am running Stunnel, would love a readme on adding a cert to BI! I thought you had a post that mentioned something about getting a legit cert for free from some site? I don’t see that in your post… of course, that and not knowing where/how to setup the cert on my BI server (windows 10) is my hang up.
Ok, so it gets weirder. I created two new routines in Smartthings, 1 is “I’m back” which manually sets ST to home (disarmed) and another is “Goodbye” (or maybe those were already in there, ha, thought I added them, but now not sure, not too pertinent though). When I use those routines to push/change the mode, Blue Iris Fusion shows the profile as changing to the appropriate profile each time in IDE. I see in the BI log that it actually does connect, but it connects as anonymous. However, the profile doesn’t actually change in BI. So, I set BI to require all connections (this will mess up a few of my motion things (I use a couple BI cameras as motion detectors in Smartthings), but I can fix that)) to require a login. Then, I unchecked “Secure Only” for authentication under WebServer in BI. Using the routine Arm (Away) or Disarm then gave sporadic results. The same with manually changing mode from the dashboard. However, now when I use the routines “Goodbye!” or “I’m back!” it changes the profile correctly every time. All four routines however report in the IDE. So, I’m getting somewhere. I want to keep Secure Only checked in BI since I use UI2 and I don’t want the window to pop up (also want to make sure my login is secured externally) and I want to not have to login via the LAN (for my android monitor), but that is a bit outside of the scope of Smartthings. Anyhow, perhaps this extra info will help.
Goodbye! and I’m Back! routines use my phones as presense (geolocation in ST), so maybe they were already there… been so long since I used them. BI’s geolocation just never worked well for me, so that is another reason I wanted ST to change the profile as it has been 100% unless the servers/db were having issues.
I could be a little fuzzy on everything above because I was trying so many different things, but in a nutshell, to get local connections to work, you have to play around with BI (I’m currently running version 126.96.36.199 x64 as a service), I have a feeling this may matter for everyone, whether or not they use encryption. Go to Blue Iris Options, the Web server tab, under Advanced, make sure Secure only is unchecked and Authentication must be at the least set to Non-LAN only. One thing I am wary about, when I’m connecting to the web pages externally, even though I am using stunnel, I believe my authentication is still encrypted, but I am not 100% sure. I guess I’ll have to get wire shark out… that being said, since it is using https and that is ALL I have (via the port I am using) punched open on the firewall, I feel a little better about that.
Sorry JMZ, I should have been more clear. I have BlueIris configured properly, I don’t see how to use your script to actually set a profile in BlueIris. There doesn’t appear to be any specific action in Smarthings app where I can use your script to set a specific profile when I am away from home.
Ah, I see what you mean. The profile switching part of the smartapp is at the bottom, below the BI server settings. I put it down there because it’s something you shouldn’t have to change after initial setup, just like the server settings. The app lists each Smartthings mode you have, and allows you to enter the Blue Iris Profile Number that matches (e.g. It lists “Mode Home” and you enter a 1 because the Blue Iris Profile #1 is your Home-like profile. Then below that it asks whether you want hold or temporary changes. Let me know if that clears it up!
It is an error saying that the localOnly value is empty (it’s a boolean variable, and it is apparently not true or false). That’s pretty odd, because it’s a required value so it shouldn’t have let you progress in the app installation without touching it. To fix it, go into the app settings, and click the switch to on then off (or vice versa, just change it’s setting and then change it back to what you want), then press done at the top. That should updated all the variables and correct the issue. If not, you may have to uninstall the smartapp and reinstall it. Let me know if you still have the issue. It’s a pretty important variable, I’d be surprised if there is a real error in the code with it, but I’ve been wrong before!
You just solved my mystery! I thought it was me switching users that got local to work, but somehow in the mess I must have unchecked “Secure Only.” I just tested it, and it seems that it is the critical step to making local work. Reading the help manual, below, it makes sense. Sending the GET command in this app apparently doesn’t jive with the new secure login with Blue Iris:
Select the Secure only authentication option in order to use the new login.htm page. If you un-select this option, Blue Iris will also accept plaintext or “basic” authentication. Basic authentication may be a requirement for the use of certain third-party add-on software such as TrackIT.
I’m not sure how secure it is, transmitting via stunnel should keep it encrypted, but I’m not very smart in this department, so whatever you can figure out, please share. If you’re running BI locally only and not connecting to it remotely, then is definitely no big deal, because you’d have to be on the network to exploit any vulnerabilities anyway. If you do use remote access, and either don’t want to use stunnel or do use it and want extra security, a VPN would work. That was my reason for wanting it to work locally anyway, so that I could only connect to my BI externally via VPN, but still have smartthings talk to it (because the hub is already on the network). I’m working on setting that up now.
Here’s the readme I wrote though, this should take care of it. If you find issues with it or it’s unclear, please let me know so I can update it:
SSL Certificate Generation
Setup your host on no-ip.com.
a. Create an account, and sign up for the “No-IP Plus” service level (enhanced might work), no need for registering a domain name unless you want your own, just use one of their included domains (e.g. mydomain.ddns.net).
b. Set up your hostname: Host Type - “DNS Host (A)”, IP address will auto populate, Assign Group – No Group, Enable Wildcard off.
Go to: zerossl.com > click on Online Tools > Click on Start for the Free SSL Certificate Wizard
Enter Email Address, check DNS Verification box, check both terms of service boxes to agree
For New setups:
a. In “Domains…”, type in your domain name (e.g. mydomain.com or mydomain.ddns.net).
b. Leave the “Paste your Let’s Encrypt Key…” and “Paste your CSR…” fields blank.
c. It’ll ask if you want to include the www version (if yes, you’ll get it for www.mydomain.ddns.net as well). Click next.
d. It’ll generate the domain-csr.txt file, then generate the Key (account-key.txt). Be sure to save both files and put in a secure location.
e. Then it’ll take to you the verification step, use the DNS verification (not http, which has you put specific stuff on your server, which you can’t do in blue iris).
f. Log into your No-ip.com account > manage domains > Modify > Advanced Records > TXT, and copy the TXT record into it and click update
g. Wait 15-30 minutes (per directions), and click verify. When it’s good, it’ll take you to your last step.
h. Download the domain-crt.txt and domain-key.txt files, and save your account ID. Keep all the files in a safe place!
i. Delete the TXT records from your hostnames on your no-IP.com account.
a. Leave “Domains…” blank
b. In “Paste your Let’s Encrypt Key…”, copy the “account-key.txt” file contents so you can skip verification.
c. In “Paste your CSR…”, copy in your “domain-csr.txt” file contents you created the first time you set it up.
d. Click Next.
e. As long as it wasn’t expired (so create a reminder somewhere to renew this before it expires each time), it’ll take you straight to a new certificate (domain-crt.txt). Download, save a copy in a safe place.
Configure Stunnel, first stop the stunnel service and make sure the GUI is closed.
For new setups:
a. Edit the stunnel.conf file to read:
accept = xxx.xxx.xxx.xxx:xxxx
connect = xxx.xxx.xxx.xxx:xxxx
cert = blueiris.pem
TIMEOUTclose = 0
b. Save stunnel.conf and close it. Save a backup copy to a safe place.
c. Create a new .txt file and call it “blueiris.pem” this is your new certificate file to replace the default stunnel.pem.
d. Open the blueiris.pem file you just created and paste the contents of domain-key.txt into it. After the domain-key.txt contents, paste the contents of domain-crt.txt and save the file. Save a backup copy to a safe place.
a. Open the blueiris.pem file and delete the old certificate (so everything after “-----END PRIVATE KEY-----“)
b. Paste the new certificate to the end (all of the new domain-crt.txt you just downloaded)
c. Save the file and close it. Save a backup copy to a safe place.
Start the Stunnel service, then open the Stunnel GUI and reload configuration. Test it out!
Did you modify the code at all (or modify it accidentally while looking at it)?
I just posted version 2.2 to Github, it only adds a note to the setup page, but if you update to that version it’ll ensure you have a clean copy installed. Try updating and publishing it via the API, then open it up in the smartthings app to double check settings and try it again.