Network/zm setup notes

Overview

Steps to configure a zoneminder integration.

1. Install the latest debian (currently buster)
   1. make sure its hostname is "zoneminder"
2. As root, install sudo, create a user, add it to sudoers
3. Add a source for the zoneminder repo (the one in the debian repos is very stale)
   • echo "deb https://zmrepo.zoneminder.com/debian/release-1.34 buster/" > /etc/apt/sources.list.d/zoneminder.list
4. Install gnupg
   • apt install apt-transport-https gnupg
5. Add the key for the zoneminder repo
   • wget -O - https://zmrepo.zoneminder.com/debian/archive-keyring.gpg | sudo apt-key add -
6. Update apt since a new repo was added
   • apt update
7. Install zoneminder
   • apt install zoneminder
   1. systemctl enable zoneminder.service
   2. systemctl start zoneminder.service
   3. a2enconf zoneminder
   4. systemctl restart apache2
8. Modify zoneminder to use the Makers LDAP
   1. a2enmod ldap
   2. a2enmod authnz_ldap
   3. Create /etc/apache2/conf-available/zoneminder-ml256.conf with these contents
      1. <Location /zm>
      2. AuthType Basic
      3. AuthBasicProvider ldap
      4. AuthLDAPURL ldap://newldap.256.makerslocal.org/dc=makerslocal,dc=org?uid
      5. AuthName "LDAP user plz"
      6. AuthType Basic
      7. Require valid-user
      8. </Location>
   4. a2enconf zoneminder-ml256
   5. systemctl restart apache2
9. Make new zm pc work in the makers local infrastructure
   1. vim /etc/network/interfaces -> change nameserver to 10.56.0.1
   2. vim /etc/network/interfaces -> set the ip to static 10.56.0.19
      1. auto enp3s0
      2. iface enp3s0 inet static
      3. address 10.56.0.19
      4. gateway 10.56.0.1
      5. netmask 255.255.255.0
10. log into the new ZM using your ML256 creds and modify the options to match the old zm
    1. ensure the PATH_ZMS on the Paths tab is "/zm/cgi-bin/nph-zms", among other things.
11. The PC was then connected to the DMZ net (200) by updating a switch port on the ProCurve switch to use that network.
12. Edit /etc/systemd/system$ cd multi-user.target.wants/zoneminder.service
    1. change 'Restart=on-abnormal' to 'Restart=always' and restart the service.
13. The old vm was shut down, and the PC was booted
14. Success!

Next Steps

1. Soak up the eudaimonia

Deep Gratitude from Phil to:

• Kinsey
• Tyler
• Hunter

Lessons Learned

• the reverse proxy works by mapping shop.ml.org/zm to zoneminder.ml.org
  • this is done in nginx on the remoteproxy VM in the /etc/nginx/sites-enabled folder. (specifically the shop.makerslocal.org.conf)
  • routing for zoneminder.makerslocal.org is handled by the edge router. it updates its hosts file from reported client hostnames and adds them as fqdns to the network
  • this is neat