Need help with SSL and Zmninja

Discussion topics related to mobile applications and ZoneMinder Event Server (including machine learning)
Post Reply
RockUser
Posts: 20
Joined: Sun Jan 05, 2020 6:43 am

Need help with SSL and Zmninja

Post by RockUser »

Hello, I recently got Zoneminder installed in my network and I made some self signed certificates to get https working. I had the hardest time getting zmNinja working on my phone. The login portal was found at myServerIpAddress/zm and the Zm Api was found at the myServerIpAddress/zm/api but the cgi-bin path wasn't found until I switched the connection from https to http. I read that Zm Ninja doesn't work well with self signed certificates and so I just switched over to http to make sure my zoneminder install wasn't messed up :P Zm Ninja works just fine after that.
My question was, to make non self signed certificates with something like Let's Encrypt, do I need to own some domain name to associate the certificate with? Let's Encrypt doesn't like when I just use the local ip address of the machine that's running Zoneminder. I don't plan to port forward to get remote access to it; I'm gonna use something like OpenVPN to get access to my zoneminder cameras, so https isn't super important. But I was looking at this guide https://zmeventnotification.readthedocs ... stall.html
And it was saying that I need SSL to get images in my push notifications; I would like to get push notifications working with ZMNinja because it really is a handy app, much better than logging into the web interface. But I don't know how to generate the Let's Encrypt certificates for SSL without owning a domain name. I don't know why all these guides for Let's Encrypt say it's a free way to generate CA signed certificates if I have to own some domain to use it. https://www.tecmint.com/install-free-le ... nd-ubuntu/
Or this guide https://geekflare.com/free-ssl-tls-certificate/
I'm new to networking in general and I just don't get what I need to do to get Zm Ninja push notifications working with images. Can anyone help me?
RockUser
Posts: 20
Joined: Sun Jan 05, 2020 6:43 am

Re: Need help with SSL and Zmninja

Post by RockUser »

I think I found a solution to my problem with Let's Encrypt needing some sort of domain name; I think I can just use something like no ip dot com to get a free domain that my public ip address can point to. Then I can port forward a rasberry pi running openvpn passed my router so I can access that remotely. Hopefully that works.
User avatar
snake
Posts: 337
Joined: Sat May 21, 2016 2:20 am

Re: Need help with SSL and Zmninja

Post by snake »

RockUser wrote: Sun Jan 05, 2020 7:00 am I read that Zm Ninja doesn't work well with self signed certificates
Where did you see that? As far as I know, self signed certs work OK with ZMninja. I can't speak for zmeventnotification server though.
User avatar
asker
Posts: 1553
Joined: Sun Mar 01, 2015 12:12 pm

Re: Need help with SSL and Zmninja

Post by asker »

Not sure which guides you are reading, but zmNinja does not have an issue with self signed certificates. That being said, if you are able to get a domain name (free), use LetsEncrypt.


There are multiple options:

1. You go the LetsEncrypt way. In this case, get a free domain name. There are many free providers, I use duckdns.org - I used to use ddns before but they kept asking me to login every 30 days. Once you have a domain, set up LetsEncrypt for it. You're done.

2. If you go the self signed way, see https://zmninja.readthedocs.io/en/lates ... gned-certs. Note that on Android, you many need to also install that certificate on your phone if you get this issue: https://zmninja.readthedocs.io/en/lates ... in-android

3. Yes, for push notifications to work via zmES, you'll need option 1.

4. In general, always read the official FAQ thoroughly (repeat, thoroughly) first - most questions are answered there. If they are not feel free to suggest an edit. The problem is a lot of 3rd party guides/blogs/articles may be outdated.
I no longer work on zmNinja, zmeventnotification, pyzm or mlapi. I may respond on occasion based on my available time/interest.

Please read before posting:
How to set up logging properly
How to troubleshoot and report - ES
How to troubleshoot and report - zmNinja
ES docs
zmNinja docs
RockUser
Posts: 20
Joined: Sun Jan 05, 2020 6:43 am

Re: Need help with SSL and Zmninja

Post by RockUser »

Thank you for the replies. I was looking into Let's Encrypt and I realize that I have to be portforwarding port 80 on the machine that's running zoneminder in order to have CA signed certificates. I didn't realize that at first and I kinda want to keep my zoneminder server's direct exposure to the internet to a minimum which is why I was gonna use a vpn to connect to it. I think I'll keep using ZM Ninja because it's handy as opposed to logging on to a machine but I think I'll try it with the vpn.
Thanks for the advice though :D
User avatar
asker
Posts: 1553
Joined: Sun Mar 01, 2015 12:12 pm

Re: Need help with SSL and Zmninja

Post by asker »

This link may be useful https://letsencrypt.org/docs/allow-port-80/

You have other mechanisms (DNS-01 is one) if you don’t want to expose 80.
I no longer work on zmNinja, zmeventnotification, pyzm or mlapi. I may respond on occasion based on my available time/interest.

Please read before posting:
How to set up logging properly
How to troubleshoot and report - ES
How to troubleshoot and report - zmNinja
ES docs
zmNinja docs
Post Reply