This app is a third-party client and is not officially affiliated with the Frigate project.
Securex Nvr Support
Securex Nvr · Support Center

Everything You Need to Connect, Configure, and Troubleshoot

Use this page to connect the Securex Nvr app to your self-hosted server, choose the correct HTTP or HTTPS setup, resolve common connection problems, and configure push notifications through Push Relay.

  • HTTP Default: 5000
  • HTTPS Default: 8971
  • Supported Access: LAN / Tailscale / Domain

Local IP

Best for home LAN access with a direct connection to your NVR server.

Tailscale IP

Great for private remote access without exposing your server publicly.

Domain Name

Best for custom HTTPS access with cleaner URLs and easier sharing across devices.

Overview

ℹ️ About the App

Securex Nvr is an independent mobile viewer for your own self-hosted, Frigate-compatible NVR server.

What you can do

  • View live camera streams in real time.
  • Browse recorded events and play back footage.
  • Receive push notifications for motion and object detections.
  • Choose which cameras and events you want to follow.

Privacy and ownership

The app connects only to your own compatible NVR installation. Your streams, events, and recordings stay on your own server. The app does not upload your private video data to our servers.

Quick Start

✨ Setup Highlights

These are the most important connection rules to remember.

  • 🌐 HTTP Port: Standard HTTP connections usually use 5000.
  • 🔒 HTTPS Port: Secure HTTPS connections usually use 8971.
  • ⚙️ Prefer HTTPS: If your server or domain uses HTTPS, you must enable Prefer HTTPS.
  • 🧾 Self-Signed Certs: If your HTTPS certificate is self-signed, also enable Ignore Certificate Error (self-signed).

Connection Setup

📘 Help & Setup

You can also refer to the official documentation: docs.frigate.video
Recommended setup logic

Use HTTP for a simple local setup, and use HTTPS when your compatible NVR server is configured for encrypted access.

  • Default HTTP Port: 5000. Use this for standard HTTP connections.
  • Default HTTPS Port: 8971. Use this for secure HTTPS connections.

  1. IP / Tailscale IP: Enter your LAN IP or Tailscale IP directly. Use port 5000 for HTTP, or 8971 for HTTPS.
  2. Domain Name: If you use a domain, you usually do not need to enter a port manually.
  3. HTTPS Options: HTTPS requires Prefer HTTPS. Self-signed HTTPS also requires the certificate ignore option.

Important for HTTPS users

If you use HTTPS, such as the default 8971 port, you must enable the correct app options for the connection to work properly.

Required app options for HTTPS

  • Enable Prefer HTTPS
  • Enable Ignore Certificate Error (self-signed) when needed
Why it may work in a browser but fail in the app

Browsers sometimes cache or accept certificate exceptions. The app still validates the connection independently, so the same address may open in a browser but fail in the app until the proper options are enabled.

  • HTTP → Port 5000
  • HTTPS → Port 8971
  • Domain → Usually no manual port
  • HTTPS Domain → Enable Prefer HTTPS

Tip: If the address works in a browser but not in the app, check the protocol, the port, and the HTTPS-related settings first.
Domain / Reverse Proxy

🧭 Reverse Proxy Guide

Recommended when you want to access your compatible NVR server through a domain name in aaPanel / BaoTa / Nginx.

Recommended structure

  • Use your domain on HTTPS 443 for public access.
  • Forward the main UI and standard API entry to the HTTP service on port 5000.
  • Forward /api/, /live/, /hls/, /vod/, and /ws/ to 8971 for media, HLS, VOD, and streaming traffic.
  • Forward /api/go2rtc/ws directly to go2rtc port 1984; this path is important for two-way talk.

Why 5000, 8971, and 1984 are split

  • 5000 is typically used for the main UI and standard HTTP entry.
  • 8971 is typically used for HTTPS API, media, HLS, VOD, and streaming related traffic.
  • 1984 is the go2rtc API port. Two-way talk uses the go2rtc WebSocket endpoint /api/ws through /api/go2rtc/ws.
aaPanel / BaoTa notes

In aaPanel / BaoTa, create the site normally, enable SSL for the domain, and then paste the following Nginx rules into the site configuration file. Replace YOUR_FRIGATE_SERVER_IP with your real server IP.

# Securex Nvr reverse proxy example
# Put these location blocks inside your Nginx server {} block.
# Replace YOUR_FRIGATE_SERVER_IP with your Frigate / compatible NVR server IP.
# Example: 192.168.1.210 or your Tailscale IP.
# If your upstream 8971 is not HTTPS, change https:// to http://.

# Frigate API / UI
location / {
    proxy_pass http://YOUR_FRIGATE_SERVER_IP:5000;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

# go2rtc WebSocket: required for two-way talk
location = /api/go2rtc/ws {
    proxy_pass http://YOUR_FRIGATE_SERVER_IP:1984/api/ws;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_buffering off;
    proxy_cache off;
    proxy_read_timeout 3600s;
    proxy_send_timeout 3600s;
}

# Compatible /api/ws
location = /api/ws {
    proxy_pass https://YOUR_FRIGATE_SERVER_IP:8971;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_ssl_verify off;
    proxy_buffering off;
    proxy_cache off;
    proxy_read_timeout 3600s;
    proxy_send_timeout 3600s;
}

# Frigate API / go2rtc API
location /api/ {
    proxy_pass https://YOUR_FRIGATE_SERVER_IP:8971;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_ssl_verify off;
    proxy_buffering off;
    proxy_cache off;
    proxy_read_timeout 3600s;
    proxy_send_timeout 3600s;
}

# Live / JSMpeg / WebSocket
location /live/ {
    proxy_pass https://YOUR_FRIGATE_SERVER_IP:8971;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_ssl_verify off;
    proxy_buffering off;
    proxy_cache off;
    proxy_read_timeout 3600s;
    proxy_send_timeout 3600s;
}

# HLS
location /hls/ {
    proxy_pass https://YOUR_FRIGATE_SERVER_IP:8971;
    proxy_ssl_verify off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_buffering off;
    proxy_cache off;
    proxy_read_timeout 3600s;
}

# VOD
location /vod/ {
    proxy_pass https://YOUR_FRIGATE_SERVER_IP:8971;
    proxy_ssl_verify off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_buffering off;
    proxy_cache off;
    proxy_read_timeout 3600s;
}

# Compatible old /ws/
location /ws/ {
    proxy_pass https://YOUR_FRIGATE_SERVER_IP:8971;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_ssl_verify off;
    proxy_buffering off;
    proxy_cache off;
    proxy_read_timeout 3600s;
    proxy_send_timeout 3600s;
}

App side settings

  • If you use a domain with HTTPS, enable Prefer HTTPS in the app.
  • If your upstream 8971 uses a self-signed cert, enable Ignore Certificate Error (self-signed) when needed.
  • Most domain based setups do not need a manually entered port.

Common reverse proxy mistakes

  • Only proxying 5000 and forgetting 8971 media/API paths.
  • Forgetting WebSocket upgrade headers on /api/go2rtc/ws, /api/ws, /api/, /live/, or /ws/.
  • Forgetting proxy_ssl_verify off when the upstream 8971 certificate is self-signed.
  • Entering an extra port in the app even though the domain already terminates on standard HTTPS 443.
  • Not exposing or forwarding go2rtc WebRTC traffic when using two-way talk.
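
A checker for the path, port, and header mistakes listed above, as an added example (not code from the app or the Frigate project): it parses the location blocks of a site configuration and reports missing paths, media paths that do not target the expected port, missing WebSocket upgrade headers, and buffering left on. The function names, the sample address 192.0.2.10, and the restriction to flat location blocks are assumptions of this example.

```python
import re

# path -> (expected upstream port or None, needs WebSocket upgrade), taken from the guide above
EXPECTED = {
    "/": (None, False), "/api/go2rtc/ws": ("1984", True),
    "/api/ws": ("8971", True), "/api/": ("8971", True),
    "/live/": ("8971", True), "/ws/": ("8971", True),
    "/hls/": ("8971", False), "/vod/": ("8971", False),
}
LOCATION = re.compile(r"location\s+(?:=\s*)?(\S+)\s*\{([^{}]*)\}")

def parse_locations(conf):
    """Return {path: {directive: [arguments]}} for flat (non-nested) location blocks."""
    conf = re.sub(r"#[^\n]*", "", conf)  # strip comments
    blocks = {}
    for path, body in LOCATION.findall(conf):
        directives = {}
        for stmt in body.split(";"):
            words = stmt.split()
            if words:
                directives.setdefault(words[0], []).append(" ".join(words[1:]).lower())
        blocks[path] = directives
    return blocks

def audit(conf):
    """List which of the reverse proxy mistakes described above this config makes."""
    blocks, findings = parse_locations(conf), []
    for path, (port, needs_ws) in EXPECTED.items():
        d = blocks.get(path)
        if d is None:
            findings.append(f"{path}: no location block")
            continue
        upstream = d.get("proxy_pass", [""])[0]
        if port and not re.search(rf":{port}(/|$)", upstream):
            findings.append(f"{path}: upstream is not port {port}")
        headers = d.get("proxy_set_header", [])
        has_ws = (d.get("proxy_http_version") == ["1.1"]
                  and any(h.startswith("upgrade ") for h in headers)
                  and any(h.startswith("connection ") for h in headers))
        if needs_ws and not has_ws:
            findings.append(f"{path}: missing WebSocket upgrade headers")
        if path != "/" and d.get("proxy_buffering") != ["off"]:
            findings.append(f"{path}: proxy_buffering is not off")
    return findings

# Constructed sample: /live/ is proxied without the WebSocket upgrade headers.
SAMPLE = "location /live/ { proxy_pass https://192.0.2.10:8971; proxy_buffering off; }"
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Frigate's documentation describes port 5000 as its unauthenticated internal port and 8971 as the authenticated one, so when the domain is reachable from the internet, put an access restriction in front of any location that targets 5000.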
Examples

🔌 Connection Examples

Match your setup to one of these common connection examples.

Example 1 · Local HTTP

  • Address: 192.168.1.210
  • Port: 5000
  • Prefer HTTPS: Off
  • Ignore Certificate Error: Off

Example 2 · Local HTTPS

  • Address: 192.168.1.210
  • Port: 8971
  • Prefer HTTPS: On
  • Ignore Certificate Error (self-signed): On

Example 3 · Tailscale IP

  • Address: your Tailscale IP
  • Port: depends on HTTP or HTTPS
  • HTTP → usually 5000
  • HTTPS → usually 8971

Example 4 · Domain Name

  • Address: demo.example.com
  • Port: usually not needed
  • HTTPS domain → enable Prefer HTTPS
  • Self-signed HTTPS → also enable certificate ignore option if needed
Troubleshooting

🛠 Common Connection Problems

Expand these items for the most common fixes.
The server opens in a browser, but the app still fails
Check whether the app is using the correct protocol. If your server is HTTPS, enable Prefer HTTPS. If the certificate is self-signed, also enable Ignore Certificate Error (self-signed).
I entered an IP address, but it still does not connect
Make sure the correct port is used. For normal HTTP, use 5000. For HTTPS, use 8971. Also confirm that your Frigate server is reachable from your current device.
I am using a domain name. Do I need to enter a port?
Usually no. Domain-based access normally does not require manually entering a port. If the domain uses HTTPS, enable Prefer HTTPS.
Why do I get certificate-related errors?
This usually happens when the server uses a self-signed certificate. In that case, enable Ignore Certificate Error (self-signed).
Does Tailscale work?
Yes. You can use your Tailscale IP like a local address. The key is still choosing the correct protocol and port: HTTP usually uses 5000, and HTTPS usually uses 8971.
Two-way talk connects, but there is no sound
Two-way talk requires a camera that supports two-way audio or RTSP backchannel. It also requires go2rtc WebRTC to work. If the camera itself does not support talk/backchannel, the app cannot enable it by software only.
Two-way talk fails through a domain or reverse proxy
Make sure /api/go2rtc/ws is proxied to go2rtc port 1984 with WebSocket upgrade headers. Also expose go2rtc WebRTC candidates, commonly 8555 TCP and UDP, when your deployment requires it.
Birdseye is shown, or Birdseye is missing
Birdseye is controlled by the server configuration. If you do not want Birdseye to appear in the app, disable Birdseye on the server. If you expect it but it does not appear, confirm that Birdseye is enabled and available from the server.
Live view works, but playback, HLS, or VOD fails
This is usually a reverse proxy path issue. Confirm /api/, /live/, /hls/, /vod/, /ws/, and /api/ws are proxied with the correct upstream, WebSocket headers where needed, and proxy buffering disabled for streaming paths.
Recordings or live streams have no audio
The camera stream must actually contain audio, and the server must be configured to keep audio for recording. Some live modes such as MJPEG/JSMPEG do not carry audio; use MSE/WebRTC/RTSP-capable playback when audio is needed.
Checklist

✅ Before You Contact Support

Please check these items first. Most connection issues are solved here.
Verify the address
Make sure you entered the correct LAN IP, Tailscale IP, or domain name.
Verify the port
Use 5000 for HTTP and 8971 for HTTPS, unless your server is configured differently.
Verify HTTPS settings
If your server uses HTTPS, enable Prefer HTTPS. If the certificate is self-signed, also enable the ignore certificate option.
Verify browser reachability
Confirm the same address can be opened on the same device network in a browser first.
Verify your Frigate server status
Make sure the Frigate instance is actually running and listening on the expected protocol and port.
Verify HTTPS domain behavior
If you are using a domain with HTTPS, enable Prefer HTTPS. Most domain setups do not need a manually entered port.
Verify two-way audio support
Two-way talk only works when the camera and go2rtc support talk/backchannel. It cannot be added only from the app side.
Verify reverse proxy streaming paths
Check /api/, /live/, /hls/, /vod/, /ws/, /api/ws, and /api/go2rtc/ws, especially WebSocket upgrade headers.
Verify Birdseye server config
Birdseye display is controlled by the server. Disable it on the server if you do not want it shown, or enable it if you expect it to appear.
App Packages

⬇️ App Downloads

Download the Securex Nvr app for your platform.
Push Notifications

🔥 FCM Push Relay Setup Guide

Complete these five steps to enable push notifications through the Securex Nvr Push Relay.

  1. Install the patch: Run the Push Relay backend patch inside the Frigate container.
  2. Restart Frigate: Restart the Frigate container after the patch is installed.
  3. Register and get a key: Create a Relay account, then generate your Relay API Key from the dashboard.
  4. Open /fcm-runtime.html: Open the Frigate runtime page from your own Frigate server.
  5. Save settings: Paste the Relay URL, Relay API Key, and Instance ID, then save.

1. Install the Frigate Push Relay patch

Run these commands on the host machine where the Frigate container is running. The patch will be downloaded inside the container. Note: The patch currently supports only Frigate 0.17.1.

docker exec -it frigate bash
cd /tmp
rm -rf frigate_patch
rm -f frigate_patch.zip
wget -O frigate_patch.zip https://tynvr.147lab.com/frigate_patch.zip
unzip frigate_patch.zip -d .
cd frigate_patch
python3 apply_fcm_runtime_only_patch.py
exit

2. Restart Frigate

docker restart frigate

3. Register and get your Relay API Key

  1. Open the Relay registration page.
  2. Create an account or log in.
  3. Open the dashboard and click Generate API Key.
  4. Copy the generated key. The full key is only shown once.

4. Open the Frigate runtime page

After Frigate restarts, open this page from your own Frigate server.

http://your-frigate-address/fcm-runtime.html

5. Save Push Relay settings

Fill in the Relay settings, click Save, then use the test button to verify notifications.

Relay URL: https://tynvr.147lab.com/v1/fcm/send/
Relay API Key: Paste the key generated in the Relay dashboard
Instance ID: home-frigate
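
Step 1 runs a downloaded script that replaces backend files and migrates the database, so it is worth looking at the archive before extracting it. This added example (not code from the app or the patch) hashes a copy of frigate_patch.zip fetched on the host, lists its entries, and flags entries that would extract outside the target folder or as symbolic links; the function names and the expected script path inside the archive are assumptions inferred from the commands in step 1.

```python
import hashlib, io, stat, sys, zipfile
from pathlib import PurePosixPath

# Assumed location of the installer inside the archive, inferred from
# "unzip frigate_patch.zip -d ." followed by "cd frigate_patch" in step 1.
SCRIPT = "frigate_patch/apply_fcm_runtime_only_patch.py"

def inspect_patch(data, pinned_sha256=None):
    """Check the archive bytes without extracting; return (sha256, entry names, problems)."""
    digest = hashlib.sha256(data).hexdigest()
    problems = []
    if pinned_sha256 and digest != pinned_sha256.lower():
        problems.append("archive hash differs from the pinned value")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
    names = [info.filename for info in infos]
    for info in infos:
        parts = PurePosixPath(info.filename.replace("\\", "/")).parts
        if info.filename.startswith(("/", "\\")) or ".." in parts:
            problems.append(f"{info.filename}: path escapes the extraction folder")
        # The upper 16 bits of external_attr hold the Unix mode for Unix-made zips.
        if stat.S_ISLNK(info.external_attr >> 16):
            problems.append(f"{info.filename}: symbolic link entry")
    if SCRIPT not in names:
        problems.append(f"{SCRIPT}: installer script not found")
    return digest, names, problems

def constructed_archive(names):
    """Build a small constructed zip (sample data, not the real patch)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, "# constructed placeholder\n")
    return buf.getvalue()

if __name__ == "__main__":
    # With a path argument, inspect that file; otherwise use the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = constructed_archive([SCRIPT, "frigate_patch/fcm-runtime.html"])
    digest, names, problems = inspect_patch(data)
    print("sha256:", digest)
    print("\n".join(names + problems))
```

Record the printed SHA-256 once the contents have been reviewed and pass it as pinned_sha256 on later installs, so a changed archive is noticed before its script runs.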

6. Backup, restore, and rollback

The patch automatically creates a backup before replacing backend files, fcm-runtime.html, or modifying the Frigate database.

What is backed up

  • Frigate backend files that will be overwritten.
  • /config/frigate.db before database migration.
  • fcm-runtime.html in detected static web folders.

Default backup folder

/config/frigate_patch_backups/
If anything goes wrong after installation, restore the latest backup first, then restart the Frigate container.

7. View backups and create a backup only

docker exec -it frigate bash
cd /tmp/frigate_patch

# View all backups
python3 apply_fcm_runtime_only_patch.py --list-backups

# Create a backup only, without patching
python3 apply_fcm_runtime_only_patch.py --backup-only

# Use a custom backup folder when needed
FRIGATE_PATCH_BACKUP_DIR=/config/frigate_patch_backups python3 apply_fcm_runtime_only_patch.py --list-backups

exit

8. Restore / rollback commands

Use latest for the most recent backup, or use a timestamp shown by --list-backups.

docker exec -it frigate bash
cd /tmp/frigate_patch

# Restore the latest backup
python3 apply_fcm_runtime_only_patch.py --restore latest

# Or restore a specific timestamp backup
python3 apply_fcm_runtime_only_patch.py --restore 20260511_120000

exit

# Restart Frigate on the Docker host
docker restart frigate

Support

💬 Contact Us

GitHub Support

For setup help, troubleshooting, updates, or issue tracking, please visit the GitHub project page:

github.com/eisongao/TY-NVR

Documentation

For Frigate server configuration and official technical references:

docs.frigate.video

Project Website

Learn more about the open-source Frigate project:

frigate.video