Camio Box has no credentials to view your encrypted cloud storage. Instead, it receives signed URLs permitted only to store content (i.e. Camio Box can write but cannot read). Please see the the summary table below in addition to these descriptions.
HTTPS port 443
Only if you restrict outbound SSL connections via the standard port 443, please unblock the Box's access to the following servers:
- https://camio.com
- core API services to upload video, images, and metadata of video events.
- https://*.camio.com
- additional service hosts like hls.camio.com for live sreaming, turn.camio.com for WebRTC turn server, and www.camio.com for general APIs as in 1 above.
The following URLs are currently used but they will soon be replaced by CNAMEs on the camio.com domain (so covered by #2 above at that point). For now, allow access also to:
- additional service hosts like hls.camio.com for live sreaming, turn.camio.com for WebRTC turn server, and www.camio.com for general APIs as in 1 above.
- https://camio-cameras.appspot.com
- service to lookup camera makes and models by MAC OUI to determine RTSP path info.
- https://cam-dot-camiologger.appspot.com
- service that receives video events from the Box gateway and issues commands like video upload requests.
- https://cam-dot-camio-test.appspot.com
- service that checks for firmware upgrades every 6 hours.
- https://camiologger.appspot.com
- alias for 1 above (core APIs to upload video, images, and metadata of video events)
- https://praxis-api-dot-camio-test.appspot.com
- service that serves AI Models to Box Gateways (e.g. human/vehicle detection models)
- https://storage.googleapis.com
- service to store video and images of events in Google Cloud Storage
- https://pypi.org
- repository of python packages for security updates
WSS (TCP & UDP) port 443
- wss://*.camio.com
- websocket service used to receive notifications of new events and server requests.
HTTP port 80
Optional, but recommended: Only if SSL fails due to severe clock drift on the Box, a single HTTP request for the current time via port 80 is made to this server. In addition to this, some package updates are made to the official Ubuntu package repositories over HTTP. As package signing and verification is built into the update process, SSL encryption is considered non-critical for these operations. We are planning on changing to SSL-enabled mirrors of the official Ubuntu package repositories but we do not have a ETA on this change.
- http://camio.com/time
- fallback time service when port 123 unavailable to determine system time. Since SSL fails when clocks are too far out of synch, this port 80 service is used only to correct the time.
- http://us.archive.ubuntu.com
- repository of Operating System packages for security updates
- http://security.ubuntu.com
- repository of Operating System packages for security updates
- http://extras.ubuntu.com
- repository of Operating System packages for security updates
NTP Servers
Box used Ubuntu's NTP servers (port 123)
- ubuntu.pool.ntp.org
- optional but recommended time server for Camio Box clock synchronization
DNS Servers
The Box uses Google DNS servers by default:
- 8.8.8.8
- 8.8.4.4
Summary
Address | Direction | Protocol | Port |
https://camio.com | Outbound | HTTPS | 443 |
https://*.camio.com | Outbound | HTTPS | 443 |
https://camio-cameras.appspot.com | Outbound | HTTPS | 443 |
https://cam-dot-camiologger.appspot.com | Outbound | HTTPS | 443 |
https://cam-dot-camio-test.appspot.com | Outbound | HTTPS | 443 |
https://camiologger.appspot.com | Outbound | HTTPS | 443 |
https://praxis-api-dot-camio-test.appspot.com | Outbound | HTTPS | 443 |
https://storage.googleapis.com | Outbound | HTTPS | 443 |
https://pypi.org | Outbound | HTTPS | 443 |
http://camio.com/time | Outbound | HTTP | 80 |
http://us.archive.ubuntu.com | Outbound | HTTP | 80 |
http://security.ubuntu.com | Outbound | HTTP | 80 |
http://extras.ubuntu.com | Outbound | HTTP | 80 |
rtmp://hls.camio.com | Outbound | RTMP | 1935 |
ubuntu.pool.ntp.org | Outbound | NTP | 123 |
8.8.8.8 | Outbound | DNS | 53 |
8.8.4.4 | Outbound | DNS | 53 |
wss://websockets2.camio.com/ws | Outbound | WSS | 443 (UDP & TCP) |
Deprecated RTMP (TCP) port 1935
Optional: Only if live streaming via HLS is enabled / required. RTMP is deprecated and being replaced by the use of WebRTC by March 2022.
- rtmp://hls.camio.com
Comments