Linux Mint/ZM remote access

Previous development branch now released as 1.36
Locked
drhiii
Posts: 10
Joined: Sat Sep 07, 2019 11:04 pm

Linux Mint/ZM remote access

Post by drhiii »

Opinions on running a Linux Mint/Zoneminder installed system on the DMZ of a modem/router for remote access??? Or, recommendations on latest/current HowTo accessing ZM behind a modem/router (Xfinity). Have searched and tried stuff but no go so far. Pointers? tx
Jiggledad
Posts: 1
Joined: Tue May 11, 2021 11:26 am

Re: Linux Mint/ZM remote access

Post by Jiggledad »

This is basically what I'm running currently (Mint + ZM with remote access), with one important caveat. Don't just expose the machine to the internet with the DMZ, it's a huge hole in your network security for bad actors to jump right through (nothing is perfectly secure, but you don't have to make it easy for them).

I would recommend getting a free subdomain from freedns.afraid.org, and follow their instructions to set up DDNS (in case your IP changes). Then I personally use Caddy as a reverse proxy to point my subdomain at the port for Zoneminder (I believe you can do this with the Apache server ZM already uses, but I already had Caddy reverse proxying 4 other services, so it made sense for me. Nginx is also a popular option for reverse proxy.) This allows you to hide what you're exposing to the internet a bit, and you only need to expose 2 ports for the reverse proxy to work for remote access. Other than that, use good secure passwords, and if you want more security, enable 2-factor authentication.
User avatar
bkjaya1952
Posts: 282
Joined: Sat Aug 25, 2018 3:24 pm
Location: Sri Lanka

Re: Linux Mint/ZM remote access

Post by bkjaya1952 »

rockedge
Posts: 1173
Joined: Fri Apr 04, 2014 1:46 pm
Location: Connecticut,USA

Re: Linux Mint/ZM remote access

Post by rockedge »

Hiawatha is very good at reverse proxy with ZM, easy to configure. Not to bad with Apache.

I agree the easiest way is to set up a Dynamic DNS service with an IP updater running on the local machine and access ZM via web console through a URL (or zmNinja with the URL)
bbunge
Posts: 2923
Joined: Mon Mar 26, 2012 11:40 am
Location: Pennsylvania

Re: Linux Mint/ZM remote access

Post by bbunge »

I have run a Zoneminder server behind a firewall/router for years. Enable SSH on the Zoneminder server (Mint is just Ubuntu/Debian) and port forward port 443 in the router to the ZM server internal IP. Make sure you have security set in Zoneminder. Most SOHO routers offer DDNS service of some kind. I prefer Asus routers.
For better security set up OpenVPN server on the router to gain access to clients on the LAN. Just use a port other than the default OpenVPN port. Asus routers, and others, have OpenVPN built in.
And, I would not recommend running Zoneminder on a desktop system. Ubuntu or Debian minimal install leaves a lot of resources for Zoneminder.
drhiii
Posts: 10
Joined: Sat Sep 07, 2019 11:04 pm

Re: Linux Mint/ZM remote access

Post by drhiii »

All, THANK YOU for all the replies.

I will come at the recommendations above, after I debug my install. I tried to create some debugging and when I saved the selections, got the following:

Warning: error_log(zmdebug): failed to open stream: Permission denied in /usr/share/zoneminder/www/includes/logger.php on line 397

Soooo, before I get back to the port forwarding and related things, anyone know where the config file is that was written to for debuging variables? Need to manually edit it I imagine to get things back to working. Console is kaput. I get the above line and one other for line 400. Am doing a recursive grep through the filesystems to see if I can locate the bugaboo. Or, are the debugging/log variables in sql, which would make it, well... hopefully the former. /etc/zm revealed nothing, sigh. (got my answer... is in sql zm data base)

tx... and I WILL come back to the recommendations in this thread.
drhiii
Posts: 10
Joined: Sat Sep 07, 2019 11:04 pm

Re: Linux Mint/ZM remote access

Post by drhiii »

Figured out how to remove the problem variable.

Now to upgrade to latest ZM.

Then back to the modem/router challenge. Having not done it before, mucking my way thru it. tx
Locked