How do I get zm to be https instead of http???

Support and queries relating to all previous versions of ZoneMinder
Locked
aalhard
Posts: 11
Joined: Thu Nov 06, 2008 6:11 am

How do I get zm to be https instead of http???

Post by aalhard »

I have been beating myself sore looking for how

I just spent an hour typing long cryptic commands to make ssl keys and certs only to get hung in the middle and not be sure I was doing the right thing anyway


the are no posts in the forums about changing the zoneminder server to https

is that because it does not work?
User avatar
cordel
Posts: 5210
Joined: Fri Mar 05, 2004 4:47 pm
Location: /USA/Washington/Seattle

Post by cordel »

It's a function of apache, not ZM.
It does work just fine. Search for "apache ssl" on the apache web site and that should get you going.
aalhard
Posts: 11
Joined: Thu Nov 06, 2008 6:11 am

good start

Post by aalhard »

I am digging through it now
I have installed the mod-ssl , found it to give a cryptic error
needed access to zmbox so I uninstalled mod-ssl thinking I would get back regular access
nope
now I am forbbiden

not asking you to solve apache issues, just giving an update on my regress

thanks for your support
aalhard
Posts: 11
Joined: Thu Nov 06, 2008 6:11 am

ok is it zm now or still apache?

Post by aalhard »

I can see the directory and all the files
but I dont get the zoneminder interface

I can click on index.php but all that happens is my browser asks me if I want to download the file


what have I broken?
User avatar
cordel
Posts: 5210
Joined: Fri Mar 05, 2004 4:47 pm
Location: /USA/Washington/Seattle

Post by cordel »

Sounds like PHP is not parsing the scripts. Should be a good clue in the apache error logs. Hopefully you made backups of anything you changed?
aalhard
Posts: 11
Joined: Thu Nov 06, 2008 6:11 am

Post by aalhard »

No
I did not back up httpd.conf
Yes
That was stupid
I normally would.
I guess fate had scheduled a reminder for me of why.

I could see nothing in the error log

but I did find that the mod_php line had been erased
I can only think that the mod_ssl pkg overwrote httpd.conf because I certainly did not delete the loadmodule directive for php

anyway, after putting
LoadModule php5 extramodules/mod_php5.so
back in /etc/httpd/conf/httpd.conf and restarting apache, everything was back to normal http access
I think https setup is too secure for me
throwgood
Posts: 18
Joined: Mon Oct 27, 2008 10:33 pm

Post by throwgood »

You can simply setup a virtual host and redirect all requests from http://<servername> to https://<server name>. ZM should be listening on both 80 and 443. I am using CentOS 5.2. Look at your httpd.conf file in /etc/httpd/conf/httpd.conf. You will see a section at the end like this

### Section 3: Virtual Hosts
#
# Setup Virtual host for port 80 to redirect to 443. SSL.conf loads mod_ssl
# defines the https virtual host
#
#NameVirtualHost *:80
#
#<VirtualHost *:80>
# ServerName <FQDN>
# ServerAlias <server name>
# Redirect / https://<server name>

By FQDN I mean servername.domain.name. This will setup a virtual host listening on port 80. When the request comes in it redirects it to http://<server name>. Also note that I do not run any other services on this box so I am free to use both 80 and 443. If you serve other sites make sure to setup a virtual host for that as well. If you need more information check the links below.

Virtual Hosts
http://httpd.apache.org/docs/2.2/vhosts/

Redirects
http://httpd.apache.org/docs/2.2/rewrite/

Hope this helps.
aalhard
Posts: 11
Joined: Thu Nov 06, 2008 6:11 am

Post by aalhard »

unfortunately
I do not have access to port 80 or 443
so any setup that assumes traffic across those ports does not work for me

I have only one port forwarded to my zm box (7355)
throwgood
Posts: 18
Joined: Mon Oct 27, 2008 10:33 pm

Post by throwgood »

Question:

when you access the box locally can you open http://<zoneminder ip> and https://<zoneminder ip>?

If you can, all you do is created the virtual host I mentioned above all requests from the outside to port 7355 will go to zm port 80 which will then be redirected to https://<zoneminder ip>. If I am not understanding your setup explain it in more detail so I don't have to guess. As for now I understand your setup to be <internet>----> <firewall:7355> ----> ZM box.
aalhard
Posts: 11
Joined: Thu Nov 06, 2008 6:11 am

Post by aalhard »

throwgood wrote:Question:

when you access the box locally can you open http://<zoneminder> and https://<zoneminder>?

If you can, all you do is created the virtual host I mentioned above all requests from the outside to port 7355 will go to zm port 80 which will then be redirected to https://<zoneminder>. If I am not understanding your setup explain it in more detail so I don't have to guess. As for now I understand your setup to be <internet>----> <firewall> ----> ZM box.
ahh
I see now, I will try that
I have been studying apache to solve other dilemas as well
I have learned how to use it to allow access to my Mythtv box through the same single port using a reverse proxy
Now that I have more knowledge of httpd.conf I can grok what you are saying.
I will reinstall mod_ssl and try it out

let you know......
undert0wn
Posts: 2
Joined: Sun May 06, 2018 2:45 pm

Re: How do I get zm to be https instead of http???

Post by undert0wn »

This took me a while to work out but THIS digitalocean walkthrough on SSL certs and redirection was exactly what I needed to point my http://FQDN to https://FQDN/zm (or http://IP to https://IP/zm if you don't have a LOCAL_DNS running).

Under the "HTTPS" section, the only change I made was:

Redirect "/" "https://your_domain_or_IP/"
to
Redirect "/" "https://your_domain_or_IP/zm"

Hope this helps.
Locked