Help with zmNinja Setup for Internet Access

[Pembrae]

Please could I have some help with setting up zmNinja for access from the internet. I am new to ZoneMinder and zmNinja so please forgive me if I am making newbie mistakes.

I have installed ZoneMinder on my Ubuntu server and have added a single camera which all appears to be working OK. The zmNinja desktop app is working OK. The iOS app works OK when connected to my local LAN using the ip address of my Ubuntu server but I don't know how to set it up for access from the internet.

Apache appears to be working as I can access the page as I get the Apach2 Ubuntu default page when I access <Ubuntu server ip address>:80 from my LAN.

I have setup a port forward on my router but cannot access the Apache2 Ubuntu default page when trying to access using <router ip address>:80 from my LAN. Port forwarding in general appears to be working as I can access my Plex server externally using <router ip address>:32400 with a port forward setup on 32400.

I have tried entering the router ip address with :80 into zmNinja settings (e.g. ZM portal url = http://<router ip address>:80/zm) but this doesn't work which doesn't surprise me since I couldn't access <router ip address>:80 from my browser.

To compound the problem I am a Linux novice so if problem lies with Linux setup please pointers would be helpful.

Thanks.

[jperkins]

The zmNinja desktop app is working OK. The iOS app works OK when connected to my local LAN using the ip address of my Ubuntu server but

that is good . it shows that you can access your zoneminder via ip address. I usually turn that off to keep strangers from knocking on the door by the ip address. This is contolled in apache using the VirtualHost ServerName ServerAlias directives. you dont want that right now

I have setup a port forward on my router but cannot access the Apache2 Ubuntu default page when trying to access using <router ip address>:80 from my LAN.

It normally doesnt work this way. You cant access the public, aka router, ip from within the lan. Sometimes there is a feature called hairpin or reflection but it normally isnt turned on.

Port forwarding in general appears to be working as I can access my Plex server externally using <router ip address>:32400 with a port forward setup on 32400.

you need to setup your zoneminder in the same way in your router that you have plex setup just forwarding to a different port and probably ip address. I am assuming that plex server is on a different computer so they forwarding will be to a different internal ip address

When you want to test if your port forwarding is working, turn the wifi connection off on your phone and try to access the zoneminder server using the phones cellular network. That will bring you in from the 'outside'

I checked the ports that zmninja desktop app was opening and it was only opening the web port to zoneminder. Normally that would be port 80 unless you have it running on https, then it would be port 443

[tsp84]

<routerip> or <WAN IP> ?
You'll want your WANIP/zm/ if your port forwarding.

[burger]

I checked the ports that zmninja desktop app was opening and it was only opening the web port to zoneminder. Normally that would be port 80 unless you have it running on https, then it would be port 443

Let's be clear, if you are using ZM on the internet, you must use https/ssl encryption which is port 443 by default. There are some hints here: https://wiki.zoneminder.com/ZMNinja for setup.

There are guides on how to setup apache2 with https online, or in books. Start there.

[tsp84]

There seems to be support for non SSL built into zmes, so while you *should* have SSL, it isn't a hard requirement.

[jperkins]

<routerip> or <WAN IP> ?
You'll want your WANIP/zm/ if your port forwarding.

yes that is true. when accessing zm from the public side.
When setting up the port forwarding on the router, he will need the private ip of the zoneminder server.

[jperkins]

Let's be clear, if you are using ZM on the internet, you must use https/ssl encryption which is port 443 by default.

ZM will run on whatever port you have apache setup for. currently in my case it is a non standard port, as 80 and 443 were already in use on that server. SSL is also optional, but recomended. I believe the OP is having trouble poking a hole thru his router. additionally he may have a firewall on his server running ZM.

[kitkat]

The SSL thing may have some relevance here.

My zoneminder.conf has this at the top:

Code: Select all

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(zm)(.*) https://%{SERVER_NAME}/$1$2 [R,L]

That sends a "302 Found" response for non-SSL connections and forces the browser to redirect to an SSL/HTTPS connection by sending a Location header containing:

Code: Select all

Location	https://server.name/zm

So if port 443 were to be forwarded as well as port 80 then I reckon there's a good chance it'd work. Alternatively, remove the RewriteEngine/Cond/Rule directives above from /etc/zm/www/zoneminder.conf and just use port 80 (I'm not sure whether you'd have to configure zmNinja if you do it that way, mind).


e2a: Forwarding port 443 may not be enough on its own because the RewriteRule redirects to SERVER_NAME, which is probably unlikely to resolve via DNS or be a routeable address. One solution might be to change SERVER_NAME to HTTP_HOST in the RewriteRule.

e2a2: Whether using HTTP_HOST will work or not will depend on how the web server is configured - If /zm is served by the DefaultHost (as mine appears to be) then it probably will, but if /zm is served by a VirtualHost then the ServerName (or ServerAlias) directive would have to be (or include) the IP address or DNS name of the router's external WAN interface.

[burger]

There seems to be support for non SSL built into zmes, so while you *should* have SSL, it isn't a hard requirement.

You are right. Slight miscommunication. There are situations where ZM with HTTP over the internet is ok. If you have an environment where it doesn't matter if someone else logs in[1], or if you have some other type of firewall filtering in place. But, if we are giving advice to beginner folks about setting up internet access to ZM, we have to be clear that SSL is a requirement for all practical purposes (unless you know what you are doing, in which case, you wouldn't be reading such threads).

[1] Say if you setup a VPS with ZM, and then have it monitor websites or online video feeds.

[Pembrae]

Sorry for not keeping up with the posts above and thanks for the comments.
I have successfully got zmNinja working over the internet. The problem was with the port forwarding setup and not anything to do with ZM. I am using a Linksys Velop mesh and I hadn't quite got the Velop settings correct for the port forwarding. I have to setup a port forward in the router to the Velop and then a port forward from the Velop to the server and it was the later I had made an error with.

Following up on the comments above regarding SSL. Is there something additional I need to do with the zmNinja setup to incorporate SSL or since it is not working it is all OK?

[jperkins]

The problem was with the port forwarding setup and not anything to do with ZM.

Following up on the comments above regarding SSL. Is there something additional I need to do with the zmNinja setup to incorporate SSL or since it is not working it is all OK?

Glad you got it going. Congratulations. Can understand why you are concerned about SSL. Those comments sorta buried your original issue. Anyway I currently dont run zoneminder on SSL. I do have it password protected. I do run SSL on my other websites such as webmail, CMS , etc.

Since you are using Ubuntu and apache there is a free program/service called letsencrypt/certbot that will give you a free certificate and set it up for you . https://letsencrypt.org/ .Here is a tutuorial for ubuntu 20.04 https://www.digitalocean.com/community/ ... untu-20-04 . It talks about using an apache 'virtual host' config. I would get that going first if you are not using it.

Dont forget to add another port forwarding on your router for the SSL if you decide to use it. Just like you did for port 80 you will need to add one for port 443.