diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 223112a7d..425a282d4 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -10,9 +10,9 @@ "features": { "ghcr.io/devcontainers/features/common-utils:1": {} }, - "forwardPorts": [8080, 5000, 5001, 5173, 8554, 8555], + "forwardPorts": [8971, 5000, 5001, 5173, 8554, 8555], "portsAttributes": { - "8080": { + "8971": { "label": "External NGINX", "onAutoForward": "silent" }, diff --git a/docker/main/rootfs/etc/s6-overlay/s6-rc.d/certsync/run b/docker/main/rootfs/etc/s6-overlay/s6-rc.d/certsync/run index 521a07463..af3bc04de 100755 --- a/docker/main/rootfs/etc/s6-overlay/s6-rc.d/certsync/run +++ b/docker/main/rootfs/etc/s6-overlay/s6-rc.d/certsync/run @@ -34,7 +34,7 @@ do ;; esac - liveprint=`echo | openssl s_client -showcerts -connect 127.0.0.1:8080 2>&1 | openssl x509 -fingerprint 2>&1 | grep -i fingerprint || echo 'failed'` + liveprint=`echo | openssl s_client -showcerts -connect 127.0.0.1:8971 2>&1 | openssl x509 -fingerprint 2>&1 | grep -i fingerprint || echo 'failed'` case "$liveprint" in *Fingerprint*) diff --git a/docs/docs/configuration/authentication.md b/docs/docs/configuration/authentication.md index 2728d1421..47d7e85a3 100644 --- a/docs/docs/configuration/authentication.md +++ b/docs/docs/configuration/authentication.md @@ -13,7 +13,7 @@ The following ports are available to access the Frigate web UI. | Port | Description | | ------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| `8080` | Authenticated UI and API. Reverse proxies should use this port. | +| `8971` | Authenticated UI and API. Reverse proxies should use this port. | | `5000` | Internal unauthenticated UI and API access. Access to this port should be limited. Intended to be used within the docker network for services that integrate with Frigate and do not support authentication. | ## Onboarding diff --git a/docs/docs/configuration/reference.md b/docs/docs/configuration/reference.md index 90bdce8a9..8b51de148 100644 --- a/docs/docs/configuration/reference.md +++ b/docs/docs/configuration/reference.md @@ -65,7 +65,7 @@ database: # Optional: TLS configuration tls: - # Optional: Enable TLS for port 8080 (default: shown below) + # Optional: Enable TLS for port 8971 (default: shown below) enabled: True # Optional: Proxy configuration diff --git a/docs/docs/configuration/tls.md b/docs/docs/configuration/tls.md index 89e79410e..7b254c100 100644 --- a/docs/docs/configuration/tls.md +++ b/docs/docs/configuration/tls.md @@ -5,7 +5,7 @@ title: TLS # TLS -Frigate's integrated NGINX server supports TLS certificates. By default Frigate will generate a self signed certificate that will be used for port 8080. Frigate is designed to make it easy to use whatever tool you prefer to manage certificates. +Frigate's integrated NGINX server supports TLS certificates. By default Frigate will generate a self signed certificate that will be used for port 8971. Frigate is designed to make it easy to use whatever tool you prefer to manage certificates. Frigate is often running behind a reverse proxy that manages TLS certificates for multiple services. You will likely need to set your reverse proxy to allow self signed certificates or you can disable TLS in Frigate's config. However, if you are running on a dedicated device that's separate from your proxy or if you expose Frigate directly to the internet, you may want to configure TLS with valid certificates. @@ -44,13 +44,13 @@ frigate: Frigate automatically compares the fingerprint of the certificate at `/etc/letsencrypt/live/frigate/fullchain.pem` against the fingerprint of the TLS cert in NGINX every minute. If these differ, the NGINX config is reloaded to pick up the updated certificate. -If you issue Frigate valid certificates you will likely want to configure it to run on port 443 so you can access it without a port number like `https://your-frigate-domain.com` by mapping 8080 to 443. +If you issue Frigate valid certificates you will likely want to configure it to run on port 443 so you can access it without a port number like `https://your-frigate-domain.com` by mapping 8971 to 443. ```yaml frigate: ... ports: - - "443:8080" + - "443:8971" ... ``` diff --git a/docs/docs/frigate/installation.md b/docs/docs/frigate/installation.md index ff2bdf220..e80831edb 100644 --- a/docs/docs/frigate/installation.md +++ b/docs/docs/frigate/installation.md @@ -34,7 +34,7 @@ The following ports are used by Frigate and can be mapped via docker as required | Port | Description | | ------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| `8080` | Authenticated UI and API access without TLS. Reverse proxies should use this port. | +| `8971` | Authenticated UI and API access without TLS. Reverse proxies should use this port. | | `5000` | Internal unauthenticated UI and API access. Access to this port should be limited. Intended to be used within the docker network for services that integrate with Frigate. | | `8554` | RTSP restreaming. By default, these streams are unauthenticated. Authentication can be configured in go2rtc section of config. | | `8555` | WebRTC connections for low latency live views. | @@ -171,7 +171,7 @@ services: tmpfs: size: 1000000000 ports: - - "8080:8080" + - "8971:8971" # - "5000:5000" # Internal unauthenticated access. Expose carefully. - "8554:8554" # RTSP feeds - "8555:8555/tcp" # WebRTC over tcp @@ -194,7 +194,7 @@ docker run -d \ -v /path/to/your/config:/config \ -v /etc/localtime:/etc/localtime:ro \ -e FRIGATE_RTSP_PASSWORD='password' \ - -p 8080:8080 \ + -p 8971:8971 \ -p 8554:8554 \ -p 8555:8555/tcp \ -p 8555:8555/udp \ @@ -370,7 +370,7 @@ docker run \ --network=bridge \ --privileged \ --workdir=/opt/frigate \ - -p 8080:8080 \ + -p 8971:8971 \ -p 8554:8554 \ -p 8555:8555 \ -p 8555:8555/udp \ diff --git a/docs/docs/guides/getting_started.md b/docs/docs/guides/getting_started.md index a828bfbdb..3b58a1d38 100644 --- a/docs/docs/guides/getting_started.md +++ b/docs/docs/guides/getting_started.md @@ -117,7 +117,7 @@ services: tmpfs: size: 1000000000 ports: - - "8080:8080" + - "8971:8971" - "8554:8554" # RTSP feeds ``` @@ -137,7 +137,7 @@ cameras: - detect ``` -Now you should be able to start Frigate by running `docker compose up -d` from within the folder containing `docker-compose.yml`. On startup, an admin user and password will be created and outputted in the logs. You can see this by running `docker logs frigate`. Frigate should now be accessible at `https://server_ip:8080` where you can login with the `admin` user and finish the configuration using the built-in configuration editor. +Now you should be able to start Frigate by running `docker compose up -d` from within the folder containing `docker-compose.yml`. On startup, an admin user and password will be created and outputted in the logs. You can see this by running `docker logs frigate`. Frigate should now be accessible at `https://server_ip:8971` where you can login with the `admin` user and finish the configuration using the built-in configuration editor. ## Configuring Frigate diff --git a/docs/docs/guides/reverse_proxy.md b/docs/docs/guides/reverse_proxy.md index b65ad515b..012d6b228 100644 --- a/docs/docs/guides/reverse_proxy.md +++ b/docs/docs/guides/reverse_proxy.md @@ -38,20 +38,20 @@ Here we access Frigate via https://cctv.mydomain.co.uk ServerName cctv.mydomain.co.uk ProxyPreserveHost On - ProxyPass "/" "http://frigatepi.local:8080/" - ProxyPassReverse "/" "http://frigatepi.local:8080/" + ProxyPass "/" "http://frigatepi.local:8971/" + ProxyPassReverse "/" "http://frigatepi.local:8971/" - ProxyPass /ws ws://frigatepi.local:8080/ws - ProxyPassReverse /ws ws://frigatepi.local:8080/ws + ProxyPass /ws ws://frigatepi.local:8971/ws + ProxyPassReverse /ws ws://frigatepi.local:8971/ws - ProxyPass /live/ ws://frigatepi.local:8080/live/ - ProxyPassReverse /live/ ws://frigatepi.local:8080/live/ + ProxyPass /live/ ws://frigatepi.local:8971/live/ + ProxyPassReverse /live/ ws://frigatepi.local:8971/live/ RewriteEngine on RewriteCond %{HTTP:Upgrade} =websocket [NC] - RewriteRule /(.*) ws://frigatepi.local:8080/$1 [P,L] + RewriteRule /(.*) ws://frigatepi.local:8971/$1 [P,L] RewriteCond %{HTTP:Upgrade} !=websocket [NC] - RewriteRule /(.*) http://frigatepi.local:8080/$1 [P,L] + RewriteRule /(.*) http://frigatepi.local:8971/$1 [P,L] ``` @@ -101,7 +101,7 @@ This is set in `$server` and `$port` this should match your ports you have expos server { set $forward_scheme http; set $server "192.168.100.2"; # FRIGATE SERVER LOCATION - set $port 8080; + set $port 8971; listen 80; listen 443 ssl http2; diff --git a/frigate/config.py b/frigate/config.py index 59ce58ea3..5331d311a 100644 --- a/frigate/config.py +++ b/frigate/config.py @@ -116,7 +116,7 @@ class UIConfig(FrigateBaseModel): class TlsConfig(FrigateBaseModel): - enabled: bool = Field(default=True, title="Enable TLS for port 8080") + enabled: bool = Field(default=True, title="Enable TLS for port 8971") class HeaderMappingConfig(FrigateBaseModel):