As a user of Blue Iris, I have explored various methods of remote access in order to effectively manage and view my security camera setup. This can be done through mobile apps, Blue Iris webserver, port forwarding, VPN, etc. Understanding the best and safest ways to access Blue Iris remotely is crucial in keeping your security system secure.
There are two main areas for consideration. How we view the security camera feed (app/webpage) and how we setup our network to access that feed remotely. The two primary advantages of blue iris is that it is locally hosted and should be more secure, private, and flexible than cloud hosted alternatives and that is is very powerful compared to other locally hosted alternatives. We don’t want to compromise those primary advantages when viewing the security feed or configuring our network for remote and local access.
Methods for Blue Iris Remote Access Outside Your Network
Lets look at the primary methods that can be used to gain access to your local network from the internet to remotely view your Blue Iris server. Security is the most important consideration here as allowing this access requires creating security issues with your home network. With a well thought out design these security vulnerabilities can be reduced to an acceptable level.
VPN
A virtual private network (VPN) is probably the best option available today. If you want the best mix of ease, performance, and security a VPN should be considered first. I consider this the most secure method for remote access, as it typically comes with encryption and we’re not directly exposing servers to the internet like we are with port forwarding. VPNs don’t require trusting third-party services like ZeroTier or NGROK, ensuring more control over your network access.
While custom VPNs can be setup most good routers will have built in options to enable VPN connections. You have to be careful with settings as we want to setup a system to allow users on the internet to VPN into your private network. Sometimes routers also have settings to allow for the use of VPNs for outgoing traffic (Nord VPN etc) for privacy reasons.
WireGuard, for example, is a user-friendly VPN that can be easily set up and integrated with the Unifi security gateway. We just have to enable the feature. WireGuard can be easily configured on smart phones as well allowing easy secure tunneling into our network from anywhere in the world. Using WireGuard in this manner also allows us to utilize different vlans and firewall rules built into our secure network setup. See my article on setting up WireGuard on Unifi.
Multiple vlans and isolated vlans are almost a requirement for a properly configured home security camera system. No security camera manufacture should be trusted and they should always be isolated away from the rest of our network. Using WireGuard with Unifi allows us to seamlessly drop in external users into that secure networking configuration.
If you want to know more about how I use VLANs to make my network more secure you can read about my setup here.
Port Forwarding
Port forwarding is a popular method of accessing Blue Iris remotely, although it may not be the most secure. By forwarding a specific port on your router to your Blue Iris server, you’re effectively opening up a direct connection to the server on that port from the internet.
This type of connection is basically trading ease of setup for a less secure configuration. By opening a port on your router you’re effectively giving anyone on the internet a free shot at trying to hack into the exposed system. Blue Iris requires a Windows computer to act as a host currently and Windows is not known as being the most secure operating system. By exposing the Blue Iris windows server directly you’ll need to configure and manage the local firewall and you’ll need to keep on top of all patches for the OS. You’ll probably also want to setup firewall rules so that the Blue Iris server has limited ability to reach out on your network to any other systems so that, in the event it is compromised, an attacker’s ability to compromise other systems is limited. Using a complex password and enabling IP auto-ban after multiple failed attempts on Blue Iris is recommended.
For improved security, you can also setup a reverse proxy or other intermediary system that can add more security so that Blue Iris itself isn’t directly exposed but we begin to add a lot of complexity to this solution where to only real benefit is its simplicity. But if you already have your reverse proxy setup for other services this can be a relatively good way to provide access.
ZeroTier
Using ZeroTier provides secure remote access, but requires trust in a third-party service. It creates an encrypted peer-to-peer connection to your Blue Iris server. While it doesn’t require port forwarding or setting up a VPN, you need to trust ZeroTier’s infrastructure. It’s essential to assess the reliability and security of ZeroTier before incorporating it into your remote access setup. There is also some complexity in setting up a ZeroTier ipv4 virtual adapter on the Blue Iris server.
Overall this solution is pretty straightforward but you have to trust a third party service and you also have one more thing to configure and keep up to date on the Blue Iris server. For my needs the VPN/WireGaurd setup was just too easy for a more secure solution to utilize this method.
NGROK
Lastly, NGROK is another third-party service that enables remote access to your Blue Iris server. Similar to ZeroTier, you need to trust this external service. One primary advantage of NGROK is its ability to bypass the need for port forwarding. The service uses a secured tunnel to connect remotely; however, security entails relying on NGROK’s infrastructure. Ensure you understand the security aspects and risks before trusting a third-party service like NGROK.
Methods for Viewing Blue Iris Camera Feeds
There are three popular methods to actually view your Blue Iris camera feed: using the Blue Iris Web server, the Blue Iris mobile app, and RDP (Remote Desktop Protocol) to the Blue Iris host.
Using Blue Iris Webserver
I found that using the Blue Iris Webserver is the best option for remote access with the highest performance for a desktop or laptop computer. This method allows me to access my cameras through a web browser without much hassle. This is the ideal format for desktop viewing and allows for the most screen real estate for the UI to take advantage of all of the functionality available in Blue Iris. If you want to review a lot of footage in the timeline quickly or take advantage of all of the powerful features available this method is almost a requirement.


It is also best when reviewing alerts if you want to confirm or disconfirm the AI’s attempts at identifying items of interest.
However, sometimes the web server does not format correctly on smaller displays like phones and tablets. This can make it difficult to view the live feed and control the cameras properly on those devices. In general this is the ideal way to view a feed and use Blue Iris as intended with the fewest moving parts.
Blue Iris Mobile App
The Blue Iris Mobile app works well enough for remote access as it is specifically designed for phones and tablets there are fewer formatting issues for screens of that size. This makes it easier for me to view the live feed and control the cameras using my phone or tablet compared to viewing the same feed through the Blue Iris website on a smart phone. I have noticed that it sometimes has performance issues but these are rare. It can also be more challenging if you need to engage with some of the more specific functionality of Blue Iris such as reviewing lots of footage or exporting clips easily.


When comparing android and apple experiences I can say that the app works well enough on android or an iphone. I’ve also tested on an ipad pro and given the screen size I’ve had a better experience using the webpage instead of the official app.
Given the cost of the app (should be less than $10) and the added functionality for smart phone usage I think that you should give it a shot along with connecting directly to the web server through a browser.
There are several third-party apps that can connect and view blue iris feeds. I didn’t find any of the options available to be compelling enough to invest time for review. If you’re interested or already have an app you may find that they connect reasonably well but will lack a lot of powerful built in features to blue iris.
RDP to Blue Iris Host
Using RDP (Remote Desktop Protocol) to access the Blue Iris host is another method I have tried. However, I would not recommend it due to several drawbacks. RDP is discouraged as it doesn’t work well with real-time video feeds, which can lead to a less than ideal viewing experience. Mostly the video feed from the actual server itself is just designed to ensure it works rather than being intended as a method for connection.
Conclusion
The take away here should be that a VPN, with properly implemented vlans and firewall rules, is the best solution for remote access to your home network and your Blue Iris server in that network. Given how easy it is to setup on Unifi or other high quality routers it should really be the only solution for remote access to your home network.
In my experience, there are several methods to view Blue Iris security camera feeds once you have local network access, each with its own advantages and disadvantages. I found that using mobile apps or the UI3 web server interface can be convenient and user-friendly. Desktop or power users should use the web server interface while smaller smart phone screens should lean towards mobile apps but fall back on the web server for specific workflows or functionality.
For the best setup you should be sure to configure isolated vlans on your home network with reasonable firewall rules and utilize WireGuard or another reputable VPN software system for remote access into those vlans and your local network.