zmNinja works, but is my API or Nginx proper?

ChrisNeedsGoodAdvice
Posts: 6
Joined: Fri Jul 30, 2021 10:03 pm

zmNinja works, but is my API or Nginx proper?

Post by ChrisNeedsGoodAdvice »

zmNinja works well on home network (iOS and Desktop) but some of these tests below leave me wondering if there may be some underlying issues with my server. And since zmNinja is working, do I still need to manually create API keys via curl?

FYI, I had changed my Apache2 port from 80 because I thought it was the right thing to do for local security with tunneling remote devices via VPN.

http://192.168.X.xx:XxXx/zm/api/ returns CakePHP Error:
The requested address '/zm/api/' was not found on this server.
http://192.168.X.xx:XxXx/zm/api/monitors.json returns all my monitors parameters.

http://192.168.X.xx:XxXx/zm/api/host/getVersion.json returns:
Version 1.36.5 & API Version 2.0

Code:

curl -XPOST -c cookies.txt -d "user=admin&pass=XxXxXxXx&stateful=1" https://192.168.X.xx:XxXx/zm/api/host/login.json
returns: curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

Code:

curl -XGET http://192.168.X.xx:XxXx/zm/api/configs.json
returns: {"success":false,"data":{"name":"Not Authenticated","message":"Not Authenticated","url":"\/zm\/api\/configs.json","exception":{"class":"UnauthorizedException","code":401,"message":"Not Authenticated"}}}


ZoneMinder 1.36.5 installed as per its own Installation Guide "Easy Way: Ubuntu 18.04 (Bionic)"
Xubuntu 20.04.3


Thanks for a great app and great support.
Chris
tsp84
Posts: 227
Joined: Thu Dec 24, 2020 4:04 am

Re: zmNinja works, but is my API or Nginx proper?

Post by tsp84 »

ChrisNeedsGoodAdvice wrote: Thu Aug 26, 2021 8:58 pm zmNinja works well on home network (iOS and Desktop) but some of these tests below leave me wondering if there may be some underlying issues with my server. And since zmNinja is working, do I still need to manually create API keys via curl?

FYI, I had changed my Apache2 port from 80 because I thought it was the right thing to do for local security with tunneling remote devices via VPN.

http://192.168.X.xx:XxXx/zm/api/ returns CakePHP Error:
The requested address '/zm/api/' was not found on this server.
http://192.168.X.xx:XxXx/zm/api/monitors.json returns all my monitors parameters.

http://192.168.X.xx:XxXx/zm/api/host/getVersion.json returns:
Version 1.36.5 & API Version 2.0

Code:

curl -XPOST -c cookies.txt -d "user=admin&pass=XxXxXxXx&stateful=1" https://192.168.X.xx:XxXx/zm/api/host/login.json
returns: curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

Code:

curl -XGET http://192.168.X.xx:XxXx/zm/api/configs.json
returns: {"success":false,"data":{"name":"Not Authenticated","message":"Not Authenticated","url":"\/zm\/api\/configs.json","exception":{"class":"UnauthorizedException","code":401,"message":"Not Authenticated"}}}


ZoneMinder 1.36.5 installed as per its own Installation Guide "Easy Way: Ubuntu 18.04 (Bionic)"
Xubuntu 20.04.3


Thanks for a great app and great support.
Chris

I am not exactly sure what you are asking. Is everything working correctly for you when you are outside of your LAN? Why are you using curl? Just to test the endpoints? You can get the token, save it to a file or ENV variable and then use that token in your headers instead of using the cookie. But again, why are you using curl?

Edit: OK, for your HTTPS error, the hostname you are connecting to is your IP. Do you have an HTTPS certificate for your IP? Because by default curl does hostname verification on its calls unless you turn it off. This means when you send that request you are asking the server for its CN name in its certificate and verifying that the address you are trying to talk to is indeed the same one listed in the certificate. So if you have a cert for myzmserver.example.com and are trying to connect to it via 192.xxx.xxx.xx, the hostname verification will FAIL.

2nd, the unauthorized request is because you are not sending it your user & pass or a JWT auth token. This means you are asking the API for information without sending any sort of auth to let it know you are allowed to see those things. -> Request an auth token, save it to a file and then include it with your headers in your requests to curl, and also set the flag for no SSL verification.

https://nieldw.medium.com/using-curl-to ... b7fac506bd

curl -k/--insecure to turn off hostname verification

Also, as a side note, do you have your reverse proxies forwarding the IP addresses correctly for fail2ban to work with? If you would like to have 2FA, check into using Authelia to secure the /zm web GUI with TOTP. If you are looking for more info on it I can point you in the right direction, it isn't too hard. I have it because I'm paranoid, but in my logs I don't really see anyone blasting the ZM logins and I have ZM open to the world.

The tricky part with Authelia is the rules to bypass the api, cgi, and php view endpoints.
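
The token flow described in the reply above, as an added example that is not part of the original posts: log in once, keep the access token in an owner-only file, and send it with later API calls. It assumes the login reply carries an `access_token` string field and that the API accepts it as a `token` query parameter, as ZoneMinder's API documentation describes; `ZM_URL`, `ZM_USER`, `ZM_PASS`, `ZM_CACERT`, `TOKEN_FILE` and the helper names are hypothetical, and `SAMPLE_REPLY` is constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. ZM_URL, ZM_USER, ZM_PASS, ZM_CACERT and
# TOKEN_FILE are placeholders; SAMPLE_REPLY is constructed, not real output.
ZM_URL="${ZM_URL:-https://myzmserver.example.com/zm}"
TOKEN_FILE="${TOKEN_FILE:-$HOME/.zm_token}"

# Extract one string field from a JSON reply (tolerates spaces around ':').
json_field() {  # usage: json_field <name> <json>
  printf '%s\n' "$2" |
    sed -n "s/.*\"$1\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p"
}

# curl wrapper: if ZM_CACERT points at the server's CA or self-signed
# certificate, verify against it instead of disabling checks with -k.
zm_curl() {
  curl -sS ${ZM_CACERT:+--cacert "$ZM_CACERT"} "$@"
}

# Log in and keep the access token in a file only the owner can read.
zm_login() {
  local reply token
  reply=$(zm_curl -X POST --data-urlencode "user=$ZM_USER" \
            --data-urlencode "pass=$ZM_PASS" \
            "$ZM_URL/api/host/login.json") || return 1
  token=$(json_field access_token "$reply")
  [ -n "$token" ] || { echo "login failed: $reply" >&2; return 1; }
  (umask 077; printf '%s' "$token" > "$TOKEN_FILE")
}

# Build the authenticated URL. The token ends up in the URL, so it will
# appear in web server access logs; treat those logs as sensitive.
zm_api_url() {  # usage: zm_api_url <path> <token>
  printf '%s/api/%s?token=%s' "$ZM_URL" "$1" "$2"
}

# Example: zm_login && zm_get configs.json
zm_get() {
  zm_curl "$(zm_api_url "$1" "$(cat "$TOKEN_FILE")")"
}

SAMPLE_REPLY='{"access_token":"constructed.sample.token","access_token_expires":3600,"refresh_token":"constructed.refresh.token","refresh_token_expires":86400,"version":"1.36.5","apiversion":"2.0"}'
```

A "Not Authenticated" reply like the one quoted in the thread has no `access_token` field, so `zm_login` stops with an error instead of writing an empty token file.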
ChrisNeedsGoodAdvice
Posts: 6
Joined: Fri Jul 30, 2021 10:03 pm

Re: zmNinja works, but is my API or Nginx proper?

Post by ChrisNeedsGoodAdvice »

The support is greatly appreciated. But this is beyond my understanding. I may request paid support.


Thank you,
Chris