Accessing ZM from the web

[stevewrightnz1]

I realise that this may not be the right place to ask this but I'm stuck!!!

Has anyone managed to access ZM from outside their network using apache2?

I think I need to use ProxyPass as the ZM server is on a different machine from the web portal by can't get it to work.

Apache VirtualHost looks like this:-

Code: Select all

#zm.example.com

<VirtualHost *:80>

        ServerName zm.example.com
        RewriteEngine on
        ProxyHTMLEnable on
        ProxyRequests off
        ProxyPreserveHost on

        <Proxy *>
           Require all Granted
        </Proxy>

        ProxyPass / http://zm.example.com:80/
        ProxyPassReverse / http://zm.example.com:80/zm/

        ProxyHTMLURLMap http://zm.example.com:80 /zm/

        <Location /zm/>
         Require all Granted
        </Location>

</VirtualHost>

Steve

[bbunge]

You are right... wrong p!ace!

Look up how to port forward in your router or set up dmz.

[davidma]

As bbunge suggests it looks like you need to port forward port 80 external to local port 80 on the server running zoneminder.

I've done this with no problems. I even tested it on my mobile phone (using the 4g lte and not my local wifi) and it works great. I also suggest DDNS if you do not have a static external IP.

[stevewrightnz1]

Hi Guys

Still can't figure this out.

Do I have to expose both machines port 80 / 443 to the outside world?? surely that would cause a conflict as two port 80's and port 443's would be exposed on the same IP address???

I was under the impression that I could ProxyPass off my machine at 192.168.20.200 to 192.168.20.210 - both set to listen on 80 and 443 - so that only one machine was exposed.

Everything seems to work as expected from inside the network but I get either a 404 error or it returns blog.example.com which is the 1st virtual host in the list as expected when something goes awry with a virtual host. I really hope someone knows how to fix this
BTW if someone has a spare minute of two to have a look I have:-

example.com - A record
http://www.example.com - CNAME record
blog.example.com - CNAME record
zm.example.com - CNAME record

set up as sub-domains with my domain name registrar. All point to a single static IP with my ISP and should be handled with Virtual Hosts. The only one I have any problem with is the zm.example.com one.

Firewalls on both machines have 80 and 443 accepting requests from anywhere.

192.168.20.200 - port 80 and 443 exposed to the world on the router

The virtual host for zm.example.com on 192.168.20.200 is

Code: Select all

#zm.example.com

<VirtualHost 192.168.20.210:80>

ServerName zm.example.com

ProxyRequests off
ProxyPreserveHost on
ProxyVia on

<Proxy *>
Require all Granted
</Proxy>

<Location /zm/>
   ProxyHTMLEnable On
   ProxyHTMLExtended On
   ProxyPass http://192.168.20.210:80/zm/
   ProxyPassReverse http://192.168.20.210:80/zm/
   RequestHeader unset Accept-Encoding
   SetOutputFilter proxy-html
   ProxyHTMLURLMap http://192.168.20.210:80/ /zm/
   ProxyHTMLURLMap /zm/ /zm/
</Location>
<Location /zm/cgi-bin/>
   ProxyHTMLInterp On
   ProxyHTMLEnable On
   ProxyHTMLExtended On
   ProxyPass http://192.168.20.210/cgi-bin/
   ProxyPassReverse http://192.168.20.210/cgi-bin/
</Location>
   LogLevel error

   ErrorLog ${APACHE_LOG_DIR}/error.log
   CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

and the virtual host on the Zoneminder machine on 192.168.20.210 is

Code: Select all

#zm.example.com
#Redirect all incoming requests on 192.168.20.210 port 80 to port 443
<VirtualHost *:80>
        ServerName zm.example.com
      
        Redirect permanent / https://zm.example.com/
        DocumentRoot /var/www/zm.example.com/zm/
        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>
#Port 443 on 192.68.20.210
<VirtualHost *:443>
        ServerName zm.example.com
         #Web pages live below this
        DocumentRoot /var/www/zm.example.com/public/

   #Deny access to /
        <Directory />
           Options FollowSymLinks
           AllowOverride None
           Require all denied
        </Directory>

   #Allow Access to /zm
        <Directory /var/www/zm.example.com/zm/>
        Options Indexes FollowSymLinks Includes ExecCGI
        Options FollowSymLinks
        AllowOverride All
        Require all granted
        </Directory>
           #Allow Access to web pages - reminder - delete this section when I get zoneminder working
        <Directory /var/www/zm.example.com/public/>
           Options Indexes FollowSymLinks
           AllowOverride All
           Require all granted
        </Directory>

        ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
        <Directory "/usr/lib/cgi-bin">
           AllowOverride None
           Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
           Require all granted
        </Directory>

        SSLEngine on
        #Letsencrypt certificates
        SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/example.com/fullchain.$

        ErrorLog ${APACHE_LOG_DIR}/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel debug

        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

As far as I know all apache2 proxy modules on both machines are enabled.

Both "sudo apache2ctl configtest" and "sudo service apache2 restart" run from the terminal without any reported errors.

I really hope that someone knows whats going on as I have been struggling with this for months.

Steve

[davidma]

EDIT: ah, I see you are using virtualhosts and things like proxypass. I can't help you much there unfortunately.

When you get the 404 where is it looking? That might be the key to figuring it out. Check your apache error log as it might give you a hint.

[stevewrightnz1]

AFAIK the 404 error happens when I look at zm.example.com/zm or zm.example.com/zm/ from OUTSIDE the network. I assume there is an issue with ProxyPass but have tried everything I can to get it to work with no result

[stevewrightnz1]

Anyone else got any ideas on how to make this work properly?
Steve