Network/zm setup notes

Overview

Steps to configure a zoneminder integration.

1. Install the latest debian (currently buster)
   1. make sure its hostname is "zoneminder"
2. As root, install sudo, create a user, add it to sudoers
3. Install zoneminder
   1. sudo apt update
   2. sudo apt upgrade
   3. sudo apt dist-upgrade
   4. sudo apt install php mariadb-server php-mysql libapache2-mod-php7.3
   5. sudo mysql_secure_installation
   6. sudo cp /etc/mysql/mariadb.conf.d/50-server.cnf /etc/mysql/my.cnf
   7. sudo nano /etc/mysql/my.cnf
      1. character-set-server = latin1
      2. collation-server = latin1_swedish_ci
   8. sudo service mariadb restart
   9. sudo nano /etc/apt/sources.list
      1. deb http://www.deb-multimedia.org stretch main non-free
   10. sudo apt install deb-multimedia-keyring
   11. wget http://www.deb-multimedia.org/pool/main/d/deb-multimedia-keyring/deb-multimedia-keyring_2016.8.1_all.deb
   12. sudo dpkg -i deb-multimedia-keyring_2016.8.1_all.deb
   13. sudo apt update
   14. sudo apt upgrade
   15. sudo apt dist-upgrade
   16. sudo apt install zoneminder vlc-plugin-base php7.3-gd
   17. sudo chmod 740 /etc/zm/zm.conf
   18. sudo chown root:www-data /etc/zm/zm.conf
   19. systemctl enable zoneminder.service
   20. sudo adduser www-data video
   21. sudo systemctl start zoneminder.service
   22. sudo systemctl status zoneminder.service
   23. sudo a2enmod cgi
   24. sudo a2enmod rewrite
   25. sudo a2enconf zoneminder
   26. sudo sed -i "s/;date.timezone =/date.timezone = $(sed 's/\//\\\//' /etc/timezone)/g" /etc/php/7.3/apache2/php.ini
   27. sudo chown -R www-data:www-data /usr/share/zoneminder/
   28. sudo service apache2 restart
4. Modify zoneminder to use the Makers LDAP
   1. sudo a2enmod ldap
   2. sudo a2enmod authnz_ldap
   3. sudo nano /etc/apache2/conf-available/zoneminder-ml256.conf
      1. Add the following to the config file
         1. <Location /zm>
         2. AuthType Basic
         3. AuthBasicProvider ldap
         4. AuthLDAPURL ldap://newldap.256.makerslocal.org/dc=makerslocal,dc=org?uid
         5. AuthName "LDAP user plz"
         6. AuthType Basic
         7. Require valid-user
         8. </Location>
   4. sudo a2enconf zoneminder-ml256
   5. sudo systemctl status apache2.service
   6. sudo systemctl restart apache2
5. Make new zm pc work in the makers local infrastructure
   1. sudo hostnamectl set-hostname zoneminder
   2. sudo vim /etc/network/interfaces -> change nameserver to 10.56.0.1
   3. sudo vim /etc/network/interfaces -> set the ip to static 10.56.0.19
      1. auto enp3s0
      2. iface enp3s0 inet static
      3. address 10.56.0.19
      4. gateway 10.56.0.1
      5. netmask 255.255.255.0
6. log into the new ZM using your ML256 creds and modify the options to match the old zm
   1. ensure the PATH_ZMS on the Paths tab is "/zm/cgi-bin/nph-zms", among other things.
7. The PC was then connected to the DMZ net (200) by updating a switch port on the ProCurve switch to use that network.
8. Edit /etc/systemd/system$ cd multi-user.target.wants/zoneminder.service
   1. change 'Restart=on-abnormal' to 'Restart=always' and restart the service.
9. The old vm was shut down, and the PC was booted
10. Success!

Next Steps

1. Soak up the eudaimonia

Deep Gratitude from Phil to:

• Kinsey
• Tyler
• Hunter

Lessons Learned

• the reverse proxy works by mapping shop.ml.org/zm to zoneminder.ml.org
  • this is done in nginx on the remoteproxy VM in the /etc/nginx/sites-enabled folder. (specifically the shop.makerslocal.org.conf)
  • routing for zoneminder.makerslocal.org is handled by the edge router. it updates its hosts file from reported client hostnames and adds them as fqdns to the network
  • this is neat