As I said during the PLUG talk last night I will post the instructions I used to build a ZM server.
There were 2 ZM questions I could not answer during the presentation. First was if ZM can run under Nginx, yes it can here's instructions: Nginx, Ubuntu and ZoneMinder - Chiral Software<https://chiralsoftware.com/idea/nginx-ubuntu-and-zoneminder> Second was external hardware motion detection triggering - that's detailed here ZoneMinder Wiki - Wiki - How to use your external camera's motion detection with ZM<https://wiki.zoneminder.com/How_to_use_your_external_camera's_motion_detection_with_ZM> Instructions for building your own RF motion detector are here ZoneMinder Wiki - Wiki - Arduino<https://wiki.zoneminder.com/Arduino> but make sure if you do roll your own you use a very stable power supply or you will get phantom triggering. 1. BIOS and firmware update on existing windows load on system, make sure bios is UEFI for <2TB boot disk support 2. Removed hard drive and replaced with a 4TB 7200 rpm hard disk (Western Digital Purple Pro. NOT the regular Purple that is not 7200rpm) 3. Created Ubuntu Desktop install USB key and boot system from that, installed Ubuntu 22.04LTS. Selected default options used entire hard disk standard EXT filesystem, DHCP, etc. 4. Logged into system ran Firefox and attempted to view an H.265 video from Downloads - Videos > libde265 HEVC - H.265 High Efficiency Video Coding<https://www.libde265.org/downloads-videos/> to determine if processor had hardware decoding. (don't use VLC for this or any viewer since they have software decoders, use a web browser) 5. Determined CPU lacked hardware H.265 decoding support so downloaded and installed user-built version of Chromium that has a software decoder added, from https://github.com/StaZhu/enable-chromium-hevc-hardware-decoding/releases This step isn't necessary if you are using older IP cameras that do not output in H.265, only H.264 or something else 6. Installed updates on OS. Set static IP and hostname from GUI. Sudo -s in terminal Df and make sure all 4TB is accessible 7. apt-get install openssh-server -y apt get install net-tools apt-get install apcupsd 8. apt install apache2 php mariadb-server php-mysql libapache2-mod-php 9. create the zm-install script from https://wiki.zoneminder.com/Ubuntu_Server_or_Desktop_Zoneminder_1.36.x 10. chmod 755 zm-install ./zm-install 11. Access ZoneMinder server from Chromium on the desktop http://whateverstaticIPused/zm NOTE: DO NOT run "mysql_secure_installation" before installing Zoneminder. Zoneminder depends on there being no initial root password on mysql because as part of it's install it automatically creates the mysql zoneminder userID and password and database. But, after it's installed then if you want to secure the root password on mysql then you run mysql_secure_installation. mariadb (maybe earlier versions) and mysql (earlier versions) allow this to work but current versions break the mysql_secure_installation script so you have to do the hack below. mysql_secure_installation No on validate password when it goes into the loop asking for the password then erroring it, in another ssh session pkill -f mysql_secure_installation this leaves mysql open. As sudo -s in the first session root@media:/home/tedm# mysql Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 10 Server version: 8.0.32-0ubuntu0.22.04.2 (Ubuntu) Copyright (c) 2000, 2023, Oracle and/or its affiliates. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql> mysql_native_password by 'whateverpasswordyouwant'; Query OK, 0 rows affected (0.04 sec) mysql> flush privileges; Query OK, 0 rows affected (0.01 sec) mysql> exit Bye root@media:/home/tedm# test it root@media:/home/tedm# mysql -u root -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 11 Server version: 8.0.32-0ubuntu0.22.04.2 (Ubuntu) Copyright (c) 2000, 2023, Oracle and/or its affiliates. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> exit Bye root@media:/home/tedm# now run the setup script mysql_secure_installation root@media:/home/tedm# mysql_secure_installation Securing the MySQL server deployment. Enter password for user root: VALIDATE PASSWORD COMPONENT can be used to test passwords and improve security. It checks the strength of password and allows the users to set only those passwords which are secure enough. Would you like to setup VALIDATE PASSWORD component? Press y|Y for Yes, any other key for No: N Using existing password for root. Change the password for root ? ((Press y|Y for Yes, any other key for No) : N ... skipping. By default, a MySQL installation has an anonymous user, allowing anyone to log into MySQL without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? (Press y|Y for Yes, any other key for No) : y Success. Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y Success. By default, MySQL comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y - Dropping test database... Success. - Removing privileges on test database... Success. Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y Success. All done! root@media:/home/tedm# 1. For mariadb and mysql: vi /etc/mysql/mariadb.conf.d/50-server.cnf Add the following in the [mysql] area: innodb_file_per_table = ON innodb_buffer_pool_size = 256M innodb_log_file_size = 32M change # Instead of skip-networking the default is now to listen only on # localhost which is more compatible and is not less secure. bind-address = 0.0.0.0 CTRL+o then [Enter] to save CTRL+x to exit Reatart Mariadb: sudo service mysql restart cd (to root homedir) NOTE: If you do it backwards and secure mysql with a root password you can temporarily remove the root password depending on the mysql version then install zoneminder then put the root password back. Instructions for blanking the root password are here: mysql - How to set root password to null - Stack Overflow<https://stackoverflow.com/questions/2101694/how-to-set-root-password-to-null> 1. Next is configuring the cameras I assume they are already mounted and installed. To add RLC-820A Cameras: (Info from these URLs: https://forums.zoneminder.com/viewtopic.php?t=30472 https://wiki.zoneminder.com/Reolink https://www.reddit.com/r/reolinkcam/comments/jnurzm/adding_reolink_cameras_to_zoneminder_nvr/ 1) Plug laptop into network and log into router at 192.168.1.1 2) Plug in camera to ethernet switch 3) look in router dhcp and verify ip address assigned to camera. 4) move camera into static ip lease in router 192.168.1.90-> 5) Firmware update camera then login to it again with http 6) factory reset camera (safest to do after a firmware update) 7) login to camera with admin no password and leave password blank 8) click setup in camera and video and Camera>DIsplay>Watermark off, Date & Time Hide Camera Stream Clear 4 fps Fluent leave at 10FPD 640x360 Camera>Info>Camera Name Surveillance turn everything off Network Settings>NTP>turn off synchronization network settings>advanced>ports>turn on rtsp No need to add a user, we can just use "admin" Maintainence> turn off auto reboot 1. Now define the main and sub streams for the cameras in Zoneminder Sub: General Name Front-Street-Sub, server None, Source Type ffmpeg, Function Mocord, Anaysis Enabled Source Source Path rtsp://admin:@192.168.1.144//h264Preview_01_sub, Options reorder_queue_size=1000 32 bit color, Capture Resolution 640x360 Storage Camera Passthrough Timestamp FontSize Small Main: General Name Front-Street-Main, server None, Source Type ffmpeg, Function Nodect, Anaysis Enabled, Linked Monitors FrontStreetSub Source Source Path rtsp://admin:@192.168.1.144//h265Preview_01_main, Options reorder_queue_size=10000 32 bit color, Capture Resolution 4K UHD Storage Camera Passthrough Timestamp FontSize Extra Large 1. Login to Zoneminder and go to Filters and make sure that the Purgefilter is set to 1000 events not 100 and that disk percentage is 90% not 95% 2. Optionally, define zones of motion for detection, covered here ZoneMinder Wiki - Wiki - How to setup motion detection<https://wiki.zoneminder.com/How_to_setup_motion_detection> and even better in ZoneMinder Wiki - Wiki - Understanding ZoneMinder's Zoning system for Dummies<https://wiki.zoneminder.com/Understanding_ZoneMinder's_Zoning_system_for_Dummies> 3. If the console of the Zoneminder server is to be used as a monitoring station with videos on streaming constantly then you need to shut off screen blanking when you are logged in: follow this to install the extension installer in Firefox: https://linuxconfig.org/how-to-install-gnome-shell-extensions-on-ubuntu-20-04-focal-fossa-linux-desktop then go here: https://extensions.gnome.org/extension/1414/unblank/ click the On switch Note that only the Firefox browser will show more than 6 camera instances at a time. 1. Last thing is setting it up for zmNinja-Pro which is the Android app that accesses a Zoneminder server. You need to setup your router to port forward to your zoneminder server and you need to set a password on the admin user and then turn on zoneminder authentication. For ZMNinja I could not get it to work with a simple userID like "viewer" I had to use "admin" as the user ID that zmninja uses to connect. That means the API must be turned on for the admin user, do that in the user settings for admin in zoneminder Test that the API is working by logging in with admin to the web browser then http://zoneminderserverIP/zm/api/host/getVersion.json to see if the API works Note that the default zonminder.conf file is broken for the API use the fix here: https://jabriffa.wordpress.com/2022/09/22/fixing-zoneminder-and-zmninja-on-upgrade-to-ubuntu-22-04-lts/ you might also need to do a chown -R www-data:www-data /usr/share/zoneminder/www/api Lastly in the zoneminder.conf file some of the alias and director statements lack double quotes around the items - it won't matter but it's not proper. Ted
