[SOLVED] Can't watch live stream via Nginx reverse proxy

[sphinxes]

I'm running ZoneMinder 1.34.16 on Arch Linux with Nginx 1.18.0 as the webserver.
Everything works perfectly fine when I access it directly on http://192.168.1.14/zm/. I can view the camera live stream, event recordings etc.

However, I'm also running a separate server with Nginx acting as a reverse proxy to access ZoneMinder from the internet.
I can access ZM and login without issues. Everything seems to work, except watching the camera live stream or event recordings.
Here's a picture how it looks like:

Looking in the ZM log I get the following error from web_php:

Socket /run/zoneminder/zms-232592s.sock does not exist. This file is created by zms, and since it does not exist, either zms did not run, or zms exited early. Please check your zms logs and ensure that CGI is enabled in apache and check that the PATH_ZMS is set correctly. Make sure that ZM is actually recording. If you are trying to view a live stream and the capture process (zmc) is not running then zms will exit. Please go to http://zoneminder.readthedocs.io/en/lat ... window-etc for more information.

PATH_ZMS seems to be correct. I also tried adding /zm in front as suggested in another forum thread, but it didn't help.

Code: Select all

[root@zm ~]# grep PATH_ZMS /etc/zoneminder/conf.d/01-system-paths.conf 
ZM_PATH_ZMS=/cgi-bin/nph-zms

Nginx location block on the ZM server was generated by the ZoneMinder AUR package and looks like:

Code: Select all

server {
    listen 80;
    
    root /usr/share/webapps/zoneminder/www;
    
    index index.php;
    
    access_log /var/log/zoneminder/http_access.log;
    error_log /var/log/zoneminder/http_error.log;
    
    location / {
        try_files $uri $uri/ /index.php?$args =404;
       
        location ~ /api/(css|img|ico) {
            rewrite ^/api(.+)$ /api/app/webroot/$1 break;
            try_files $uri $uri/ =404;
        }

        location /api {
            rewrite ^/api(.+)$ /api/app/webroot/index.php?p=$1 last;
        }

        location /cgi-bin {
            include fastcgi_params;
            
            fastcgi_param SCRIPT_FILENAME $request_filename;
            fastcgi_param HTTP_PROXY "";
            
            fastcgi_pass unix:/run/fcgiwrap.sock;
        }
        
        location ~ \.php$ {
            include fastcgi_params;
            
            fastcgi_param SCRIPT_FILENAME $request_filename;
            fastcgi_param HTTP_PROXY "";
            
            fastcgi_index index.php;
            
            fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
        }
    }
}

Nginx location block on the Reverse Proxy looks like:

Code: Select all

location /zm {
    proxy_pass http://192.168.1.14/zm;
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Ssl on;
    proxy_redirect off;
}

Anyone got any ideas what's wrong and what I could try to fix it?
Thanks!

[Maximo1970]

Have you tried your configuration with ZMNinja? If that works going via your NGINX server then it's not an issue with your config, but an issue with a firewall blocking your traffic.

Here's my config for reference.

Code: Select all

server {
        server_name zoneminder;

        location / {
                add_header Last-Modified $date_gmt;
                add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
                if_modified_since off;
                expires off;
                etag off;
                proxy_pass                              http://zoneminder;
                proxy_set_header Host                   $http_host;
                proxy_set_header X-Real-IP              $remote_addr;
                proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto      $scheme;
                proxy_set_header X-Forwarded-Port       $server_port;

        }
        location /zm/cgi-bin {
        auth_basic off;
                alias /usr/libexec/zoneminder/cgi-bin;
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $request_filename;
                fastcgi_param HTTP_PROXY "";
                fastcgi_pass unix:/var/run/fcgiwrap.socket;
        }
        location ~ /zm/api/(css|img|ico) {
                auth_basic off;
                rewrite ^/zm/api(.+)$ /api/app/webroot/$1 break;
                try_files $uri $uri/ =404;
        }
        listen 80;

}

[sphinxes]

Thanks for your reply Maximo1970!
I finally got everything to work after many hours of testing different configurations. Everything works as expected both locally on my LAN and via the reverse proxy.
After reading about ZMNinja and it's configuration, I got to troubleshoot the /zm/api and /zm/cgi-bin paths as I realized I wasn't able to access them correctly.

I'm sure there was a combination of multiple changes that made it all work in the end, so I'll just post everything down below, perhaps it could be useful for someone else in the future.

I didn't change anything in the Nginx Reverse Proxy configuration, so that's the same as I posted initially.

I had to change the ZM_PATH_ZMS in /etc/zoneminder/conf.d/01-system-paths.conf to the following:

Code: Select all

# ZoneMinder url path to the zms streaming server
#ZM_PATH_ZMS=/cgi-bin/nph-zms
ZM_PATH_ZMS=/zm/cgi-bin/nph-zms

My current working Nginx configuration on the ZM server look like:

Code: Select all

[root@zm ~]# cat /etc/nginx/sites-enabled/zoneminder.conf
server {
    listen 80;
    root /usr/share/webapps/zoneminder/www;
    index index.php;
    
    access_log /var/log/zoneminder/http_access.log;
    error_log /var/log/zoneminder/http_error.log;

    location /cgi-bin {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $request_filename;
        fastcgi_param HTTP_PROXY "";
        fastcgi_pass unix:/run/fcgiwrap.sock;
    }

    location /zm {
        try_files $uri $uri/ /index.php?$args =404;

        location ~ \.php$ {
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $request_filename;
            fastcgi_param HTTP_PROXY "";
            fastcgi_index index.php;
            fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
        }

        location ~ \.(jpg|jpeg|gif|png|ico)$ {
            access_log off;
            expires 30d;
        }

        location /zm/cgi-bin {
            gzip off;
            alias /usr/share/webapps/zoneminder/www/cgi-bin;
            include /etc/nginx/fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $request_filename;
            fastcgi_pass  unix:/run/fcgiwrap.sock;
        }

        location /zm/api/ {
            alias /usr/share/zoneminder/api;
            rewrite ^/zm/api(.+)$ /zm/api/index.php?p=$1 last;
        }
    }
}

For completeness, nginx.conf look like the following. Probably some stuff that can be removed, optimized or set differently, but at least it all works.

Code: Select all

[root@zm ~]# cat /etc/nginx/nginx.conf 

user http;
worker_processes 2;

events {
    worker_connections 1024;
    use epoll;
    multi_accept off;
    accept_mutex off;
}


http {
    include       sites-enabled/*.conf;
    include       mime.types;
    default_type  application/octet-stream;

    # Name servers used to resolve names of upstream servers into addresses.
    # It's also needed when using tcpsocket and udpsocket in Lua modules.
    resolver 192.168.1.3 1.1.1.1 1.0.0.1;

    # Timeout for keep-alive connections. Server will close connections after this time.
    keepalive_disable msie6; # disable selected browsers.
    keepalive_timeout 30;
    keepalive_requests 100000;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;

    # Buffering causes issues, disable it
    # Increase buffer size, still useful even when buffering is off
    proxy_buffering off;
    proxy_buffer_size 4k;

    # Buffer Size
    client_body_buffer_size      16k;
    client_max_body_size         1m;
    client_header_buffer_size    1k;
    large_client_header_buffers  2 1k;
    output_buffers               1 32k;
    postpone_output              1460;

    # Timeouts
    client_header_timeout 12;
    client_body_timeout   12;
    send_timeout          10;

    # Enable gzipping of responses.
    gzip on;
    gzip_http_version 1.1;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 5;
    gzip_buffers 16 8k;
    gzip_min_length 256;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";
    gzip_types text/plain text/css application/x-javascript text/xml application/xml application/rss+xml application/xml+rss application/atom+xml text/javascript application/javascript application/json text/mathml;


    server_name_in_redirect        off;
    server_tokens                  off;
    server_names_hash_bucket_size  64;
    types_hash_max_size            4096;
    types_hash_bucket_size         64;
}

Marking this thread as solved

[davew]

I have a similar problem and posted great detail about it right here. See link below. I'm going to try some of the nginx configuration stuff that you have here and see if that'll work for me.


viewtopic.php?f=40&t=29689