Difference between revisions of "Network/zm setup notes"

From Makers Local 256
Jump to: navigation, search
(Overview: break ldap config into a separate config file to prevent package update issues and tweak for current stable)
(Overview: update instructions based on fresh install)
Line 6: Line 6:
 
## make sure its hostname is "zoneminder"
 
## make sure its hostname is "zoneminder"
 
# As root, install sudo, create a user, add it to sudoers
 
# As root, install sudo, create a user, add it to sudoers
 +
# Add a source for the zoneminder repo (the one in the debian repos is very stale)
 +
#* echo "deb https://zmrepo.zoneminder.com/debian/release-1.34 buster/" > /etc/apt/sources.list.d/zoneminder.list
 +
# Install gnupg
 +
#* apt install apt-transport-https gnupg
 +
# Add the key for the zoneminder repo
 +
#* wget -O - https://zmrepo.zoneminder.com/debian/archive-keyring.gpg | sudo apt-key add -
 +
# Update apt since a new repo was added
 +
#* apt update
 
# Install zoneminder  
 
# Install zoneminder  
## sudo apt update
+
#* apt install zoneminder
## sudo apt upgrade
+
## sudo apt dist-upgrade
+
## sudo apt install php mariadb-server php-mysql libapache2-mod-php7.3
+
## sudo mysql_secure_installation
+
## sudo cp /etc/mysql/mariadb.conf.d/50-server.cnf /etc/mysql/my.cnf
+
## sudo nano /etc/mysql/my.cnf
+
### character-set-server = latin1
+
### collation-server = latin1_swedish_ci
+
## sudo service mariadb restart
+
## sudo nano /etc/apt/sources.list
+
### deb http://www.deb-multimedia.org stretch main non-free
+
## sudo apt install deb-multimedia-keyring
+
## wget http://www.deb-multimedia.org/pool/main/d/deb-multimedia-keyring/deb-multimedia-keyring_2016.8.1_all.deb
+
## sudo dpkg -i deb-multimedia-keyring_2016.8.1_all.deb
+
## sudo apt update
+
## sudo apt upgrade
+
## sudo apt dist-upgrade
+
## sudo apt install zoneminder vlc-plugin-base php7.3-gd
+
## sudo chmod 740 /etc/zm/zm.conf
+
## sudo chown root:www-data /etc/zm/zm.conf
+
 
## systemctl enable zoneminder.service
 
## systemctl enable zoneminder.service
## sudo adduser www-data video
+
## systemctl start zoneminder.service
## sudo systemctl start zoneminder.service
+
## a2enconf zoneminder
## sudo systemctl status zoneminder.service
+
## systemctl restart apache2
## sudo a2enmod cgi
+
## sudo a2enmod rewrite
+
## sudo a2enconf zoneminder
+
## sudo sed -i "s/;date.timezone =/date.timezone = $(sed 's/\//\\\//' /etc/timezone)/g" /etc/php/7.3/apache2/php.ini
+
## sudo chown -R www-data:www-data /usr/share/zoneminder/
+
## sudo service apache2 restart
+
 
# Modify zoneminder to use the Makers LDAP
 
# Modify zoneminder to use the Makers LDAP
## sudo a2enmod ldap
+
## a2enmod ldap
## sudo a2enmod authnz_ldap
+
## a2enmod authnz_ldap
## sudo nano /etc/apache2/conf-available/zoneminder-ml256.conf
+
## Create /etc/apache2/conf-available/zoneminder-ml256.conf with these contents
### Add the following to the config file
+
### <Location /zm>
#### <Location /zm>
+
### AuthType Basic
#### AuthType Basic
+
### AuthBasicProvider ldap
#### AuthBasicProvider ldap
+
### AuthLDAPURL ldap://newldap.256.makerslocal.org/dc=makerslocal,dc=org?uid
#### AuthLDAPURL ldap://newldap.256.makerslocal.org/dc=makerslocal,dc=org?uid
+
### AuthName "LDAP user plz"
#### AuthName "LDAP user plz"
+
### AuthType Basic
#### AuthType Basic
+
### Require valid-user
#### Require valid-user
+
### </Location>
#### </Location>
+
## a2enconf zoneminder-ml256
## sudo a2enconf zoneminder-ml256
+
## systemctl restart apache2
## sudo systemctl status apache2.service
+
## sudo systemctl restart apache2
+
 
# Make new zm pc work in the makers local infrastructure
 
# Make new zm pc work in the makers local infrastructure
## sudo hostnamectl set-hostname zoneminder
+
## vim /etc/network/interfaces -> change nameserver to 10.56.0.1
## sudo vim /etc/network/interfaces -> change nameserver to 10.56.0.1
+
## vim /etc/network/interfaces -> set the ip to static 10.56.0.19
## sudo vim /etc/network/interfaces -> set the ip to static 10.56.0.19
+
 
### auto enp3s0
 
### auto enp3s0
 
### iface enp3s0 inet static
 
### iface enp3s0 inet static

Revision as of 20:45, 15 August 2020

Overview

Steps to configure a zoneminder integration.

  1. Install the latest debian (currently buster)
    1. make sure its hostname is "zoneminder"
  2. As root, install sudo, create a user, add it to sudoers
  3. Add a source for the zoneminder repo (the one in the debian repos is very stale)
  4. Install gnupg
    • apt install apt-transport-https gnupg
  5. Add the key for the zoneminder repo
  6. Update apt since a new repo was added
    • apt update
  7. Install zoneminder
    • apt install zoneminder
    1. systemctl enable zoneminder.service
    2. systemctl start zoneminder.service
    3. a2enconf zoneminder
    4. systemctl restart apache2
  8. Modify zoneminder to use the Makers LDAP
    1. a2enmod ldap
    2. a2enmod authnz_ldap
    3. Create /etc/apache2/conf-available/zoneminder-ml256.conf with these contents
      1. <Location /zm>
      2. AuthType Basic
      3. AuthBasicProvider ldap
      4. AuthLDAPURL ldap://newldap.256.makerslocal.org/dc=makerslocal,dc=org?uid
      5. AuthName "LDAP user plz"
      6. AuthType Basic
      7. Require valid-user
      8. </Location>
    4. a2enconf zoneminder-ml256
    5. systemctl restart apache2
  9. Make new zm pc work in the makers local infrastructure
    1. vim /etc/network/interfaces -> change nameserver to 10.56.0.1
    2. vim /etc/network/interfaces -> set the ip to static 10.56.0.19
      1. auto enp3s0
      2. iface enp3s0 inet static
      3. address 10.56.0.19
      4. gateway 10.56.0.1
      5. netmask 255.255.255.0
  10. log into the new ZM using your ML256 creds and modify the options to match the old zm
    1. ensure the PATH_ZMS on the Paths tab is "/zm/cgi-bin/nph-zms", among other things.
  11. The PC was then connected to the DMZ net (200) by updating a switch port on the ProCurve switch to use that network.
  12. Edit /etc/systemd/system$ cd multi-user.target.wants/zoneminder.service
    1. change 'Restart=on-abnormal' to 'Restart=always' and restart the service.
  13. The old vm was shut down, and the PC was booted
  14. Success!

Next Steps

  1. Soak up the eudaimonia

Deep Gratitude from Phil to:

  • Kinsey
  • Tyler
  • Hunter


Lessons Learned

  • the reverse proxy works by mapping shop.ml.org/zm to zoneminder.ml.org
    • this is done in nginx on the remoteproxy VM in the /etc/nginx/sites-enabled folder. (specifically the shop.makerslocal.org.conf)
    • routing for zoneminder.makerslocal.org is handled by the edge router. it updates its hosts file from reported client hostnames and adds them as fqdns to the network
    • this is neat
Retrieved from "https://256.makerslocal.org/wiki/index.php?title=Network/zm_setup_notes&oldid=23332"