A bit of confusion with certificates

Support for the docker image maintained by dlandon
Post Reply
arkoko
Posts: 3
Joined: Tue Dec 08, 2020 5:32 pm

A bit of confusion with certificates

Post by arkoko »

Hi
I'm trying to figure out how and what certificates needs to be installed. I read in the guide:
Note that by default, this docker build runs ZM on port 443 inside the docker container and maps it to port 8443 for the outside world. Therefore, if you are configuring /etc/zm/objectconfig.ini or /etc/zm/zmeventnotification.ini remember to use https://localhost:443/<etc> as the base URL
So I understand that for working eventnotification hooks I should write in the secrets.ini file:

Code: Select all

ZM_PORTAL:https://localhost:443/zm
and:

Code: Select all

ES_CERT_FILE = /etc/apache2/ssl/zoneminder.crt
ES_KEY_FILE = /etc/apache2/ssl/zoneminder.key
Should I use default generated certificates for localhost there?
To access Zoneminder from outside the URL would be like https://mydomain.org:8443/zm and I have a Letsencrypt certificate for it. How can I use it?
I would like help resolving my confusion. And sorry for my English. Thanks.
Magic919
Posts: 1381
Joined: Wed Sep 18, 2013 6:56 am

Re: A bit of confusion with certificates

Post by Magic919 »

Outside world just means anything outside Docker. You could map to a different port for WAN access using your router.

ES_CERT is not for Apache access, it's for the ZMEventNotificationServer (ZMES).

For Apache you just need to point SSLCertificateFile and SSLCertificateKeyFile at cert.pem and privkey.pem (respectively) and they are below your /etc/letsencrypt/live/mydomain.org/ folder.
-
arkoko
Posts: 3
Joined: Tue Dec 08, 2020 5:32 pm

Re: A bit of confusion with certificates

Post by arkoko »

Thanks, it make sense.
I will try to separate apache and ES certs. I got confused because they are symlinked to the one place:

Code: Select all

root@zm:/# ls -l /etc/apache2/ssl/
lrwxrwxrwx 1 root root 21 Dec 11 00:54 zoneminder.crt -> /config/keys/cert.crt
lrwxrwxrwx 1 root root 21 Dec 11 00:54 zoneminder.key -> /config/keys/cert.key
Post Reply