Difference between revisions of "ZMNinja"

From ZoneMinder Wiki
Line 40: Line 40:
[https://wiki.zoneminder.com/Ubuntu_Install_ZoneMinder_on_Ubuntu_Server#Hardening_Webserver]
[https://wiki.zoneminder.com/Ubuntu_Install_ZoneMinder_on_Ubuntu_Server#Hardening_Webserver]


SSL should be the only port accessible via WAN.
SSL should be the only port accessible via WAN. SSL certificates should be setup.


Fail2ban is recommended.
Fail2ban is recommended.
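
Review bot: the sentence added on the SSL line, "SSL certificates should be setup.", gives the reader nothing to act on, and "setup" should be the verb "set up". Suggest saying where the steps are, for example by pointing to the Apache SSL instructions on the API page that the server-side checklist already refers to.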

Revision as of 11:00, 30 October 2020

ZMNinja is a program that allows cellphone and desktop access to ZM. Cellphone access is $5 per mobile device. Desktop access is free. Desktop access can be used to test and verify that your ZMNinja setup is working, after which you can add a mobile phone with a reasonable expectation that it will work.

This is the community wiki documentation on ZMNinja. Please refer to the official docs for more information. https://zmninja.readthedocs.io

Setting up ZMNinja - serverside

Typically when setting up ZMNinja you will be doing so for WAN access. This will require the following:

  • Confirm API is working (see API)
  • Enable SSL for Apache (covered briefly in API page above)


There isn't much more to it than that. If your API is working, and you have SSL working, then ZMNinja should do its job.

This assumes you have installed ZM properly. The easiest (and best maintained) guides are those for Debian and Ubuntu.

Setting up ZMNinja - client

The next step is to download ZMNinja Pro from your app store (or, if using a desktop, the x86 binary from the releases of the git repo), then:

  1. Enable ZM Authentication
  2. Enable Low bandwidth mode
  3. Add username and password (this will only be typed once, then ZMNinja will save it.)
  4. Type the IP address into the paths

The rest of ZMNinja can be left at defaults. The paths can look something like this (Note that usually it autofills partway for you, once you type in the IP):

ZM Portal URL: https://WANIPOFSERVER/zm/
path to cgi-bin: https://WANIPOFSERVER/zm/cgi-bin
ZM api url:        https://WANIPOFSERVER/zm/api

Instructions for Mobile Phone Client ZMNinja


Security

It is recommended to have strong passwords for ZMNinja on the WAN. One method to isolate your network from a potentially vulnerable ZoneMinder system on the WAN is to have a separate static IP for your camera network, and then have all of your office LAN use ZMNinja out to the WAN and back to view cameras.

See also: https://wiki.zoneminder.com/Ubuntu_Install_ZoneMinder_on_Ubuntu_Server#Hardening_Webserver

SSL should be the only port accessible via WAN. SSL certificates should be set up.

Fail2ban is recommended.

Geoblocking is a good idea, and there are guides for it online. For example:

#apt-get install libapache2-mod-geoip 
#a2enmod geoip 

geoip.conf

<IfModule mod_geoip.c>
 GeoIPEnable On
 # NOTE: IPv6 requires another file, see /usr/share/GeoIP.
 GeoIPDBFile /usr/share/GeoIP/GeoIP.dat
</IfModule>

Now, edit your /etc/apache2/conf-available/zoneminder.conf to look something like this:

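Alias /zm /usr/share/zoneminder/www
<Directory /usr/share/zoneminder/www>
 Options -Indexes +FollowSymLinks
 <IfModule mod_dir.c>
   DirectoryIndex index.php
 </IfModule>
 AllowOverride FileInfo Options
 # Set AllowCountry only when mod_geoip resolves the client to FR
 SetEnvIf GEOIP_COUNTRY_CODE FR AllowCountry
 # Deny/Allow are Apache 2.2-style directives; Apache 2.4 provides them through mod_access_compat
 Deny from all
 Allow from env=AllowCountry
</Directory>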


PHP test script:

<?php $country_name = apache_note("GEOIP_COUNTRY_NAME"); echo "Land: " . $country_name; ?>

Note that zoneminder.conf will need more configuration than this, but the above should at least show you that geoblocking is working. Beware that a connection that is already open may need to time out first.
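
As an added example (not part of this wiki page or of ZoneMinder), the Python check below reads a zoneminder.conf and reports mistakes that would quietly disable or break the geoblock shown above. The function names, finding codes and the faulty sample config are constructed for illustration, and it assumes the Apache 2.2-style Deny/Allow directives used on this page.

```python
import re

ZM_DIR = "/usr/share/zoneminder/www"   # Directory path used on this page

def directives(conf, path=ZM_DIR):
    """Directive lines inside <Directory path>; nested section tags and comments are skipped."""
    inside, out = False, []
    for raw in conf.splitlines():
        line = raw.strip()
        if re.fullmatch(r'<Directory\s+"?%s/?"?\s*>' % re.escape(path), line, re.I):
            inside = True
        elif line.lower() == "</directory>":
            inside = False
        elif inside and line and not line.startswith(("#", "<")):
            out.append(line)
    return out

def audit_geoblock(conf, path=ZM_DIR):
    """Return finding codes; an empty list means the block follows the page's pattern."""
    lines = directives(conf, path)
    if not lines:
        return ["no-directory-block"]
    findings = []
    # Variables set by a GeoIP country match, e.g. "SetEnvIf GEOIP_COUNTRY_CODE FR AllowCountry"
    geo_vars = {m.group(1) for l in lines
                if (m := re.match(r"SetEnvIf\s+GEOIP_COUNTRY_CODE\s+\S+\s+(\w+)", l, re.I))}
    if not geo_vars:
        findings.append("no-country-rule")
    if not any(re.fullmatch(r"Deny\s+from\s+all", l, re.I) for l in lines):
        findings.append("missing-deny-all")      # without it the default is to allow
    for l in lines:
        if re.fullmatch(r"Allow\s+from\s+all", l, re.I):
            findings.append("allow-from-all")    # overrides Deny under the default Order
        m = re.match(r"Allow\s+from\s+env=(\w+)", l, re.I)
        if m and m.group(1) not in geo_vars:
            findings.append("unknown-env:" + m.group(1))   # name no SetEnvIf rule sets
        if re.search(r"\s#", l):
            findings.append("inline-comment")    # Apache only accepts comments on their own line
    return findings

# Constructed faulty sample: no "Deny from all", a stray "Allow from all", a misspelled variable.
BAD = """<Directory /usr/share/zoneminder/www>
 SetEnvIf GEOIP_COUNTRY_CODE FR AllowCountry
 Allow from all
 Allow from env=AllowedCountry
</Directory>"""

if __name__ == "__main__":
    print(audit_geoblock(BAD))
```

Run it against the real file by passing the contents of /etc/apache2/conf-available/zoneminder.conf to audit_geoblock().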

Troubleshooting

If you have trouble, refer to the Debug Logs included in ZMNinja. ZMNinja also has extensive docs.

For further information, refer to the official docs.