In order to connect to any server over the Internet (such as SecuritySpy’s built-in web server for remote access to your CCTV system), the server must be exposed to the Internet via a public IP address.
Most standard home and commercial Internet connections (Fibre, ADSL, Cable) provide a public Internet address, which makes setting up remote access to SecuritySpy fairly straightforward, as described in the Remote Access section of the SecuritySpy Installation Manual.
However, Mobile/Cellular Internet connections (i.e. those that use a 3G, 4G or 5G modem to connect wirelessly over the cellular network) are becoming increasingly common, as their speed and reliability increase and costs decrease. Unfortunately, most mobile Internet connections do not provide a true public IP address, but rather provide a private address within the Internet provider’s network (this is called Carrier-Grade NAT). Therefore it is not possible to set up remote access in the same way. Typically, this is the case with Satellite-based Internet connections as well.
Some mobile Internet Service Providers (ISPs) can provide a true public IP address for an extra fee, but not all do.
The solution to this problem is to use a service called ngrok, which allows you to set up a secure tunnel to your server in order to provide access to it from the Internet. Here’s how it works:
Setting Up ngrok
- Open a ngrok account via this page: https://dashboard.ngrok.com/user/signup
- This gives you an “auth token”
- Download the ngrok software from this page: https://ngrok.com/download
The download is a zip filed called “ngrok-stable-darwin-amd64”, which should go into your Downloads folder – if you double-click on this zip file, it expands to a “ngrok” executable tool. We suggest that you move the ngrok tool to your Applications folder, but you can put it anywhere and it will work in the same way.
Open Terminal (you’ll find it in /Applications/Utilities/) and type the following commands:
./ngrok authtoken <YOUR_AUTH_TOKEN>
./ngrok http 8000
In Terminal, it will then display a line like this:
Forwarding http://fd6a8bf7.ngrok.io -> localhost:8000
This means that the URL http://fd6a8bf7.ngrok.io now maps to SecuritySpy’s port 8000 on your Mac. You can use this URL any web browser (or use the address fd6a8bf7.ngrok.io in our SecuritySpy iOS app) in order to access SecuritySpy from anywhere over the Internet (note that the exact address will be different in your case).
Running ngrok Automatically Upon Startup
If you want the tunnel to SecuritySpy running all the time, even if you restart your Mac, do the following:
- Open TextEdit and create a new document
- Select the Make Plain Text option from the Format menu
- Enter the Terminal commands as described above
- Save this text file to your Documents folder with the name ngrok.command
Then, open Terminal, and copy and paste the following command, which sets the correct permissions for the script file you have just created:
chmod +x ~/Documents/ngrok.command
Finally, go to System Preferences, open the Users & Groups panel, click the Login Items tab, and drag and drop the ngrok.command file into the list of login items. It should look something like this:
- The tunnel remains operational only while the Terminal window is open and running the ngrok process; you can hide the Terminal window but do not close it.
- There are different ngrok account levels; the free service will give you an address that is different each time you start the tunnel, so is only useful for testing purposes. The basic service (currently at $5 per month) provides a reserved address, and is the one that most users will want to go for.
- If you prefer to connect using secure HTTPS, ngrok provides an HTTPS URL for this purpose, however in all cases the actual connection to SecuritySpy is via the standard HTTP port (default 8000). When using the HTTPS URL, the ngrok process running on your Mac encrypts all data before sending it via ngrok’s servers, so unencrypted data is not transferred over the Internet.