zaliis
Posts: 4
Joined: Fri Feb 15, 2013 4:56 am

Tutorial - Nginx as a Reverse Proxy for security cameras

Tue Feb 19, 2013 2:58 am

I have 2 Foscam security cameras that I access from my Android phone to check on the house while I am away. However, the cameras only support HTTP and not HTTPS, so I needed a Reverse Proxy in order to prevent unauthorized access.
Below are the steps I followed to turn the Pi into a reverse proxy.

What will you need before starting:
. Your security cameras set up with static IP addresses.
. One or more dynamic DNS domain(s) from http://dnsdynamic.org/ All examples here will assume exampleurl.dnsdynamic.com
(The domains are free; do not get them confused with others that charge for this.)
. Your router set up to forward port 443 to the static IP of your Raspberry Pi.
. A static IP address that you can use for your Pi. All examples here will assume it's 192.168.0.120
. A backup of your SD card before starting.
. You should be familiar with editing files using nano.
. An upgraded Raspberry Pi.
. You should read the Nginx primer at http://blog.martinfjordvald.com/2010/07/nginx-primer/

Finally, to view the video on my cameras I use IP Cam Viewer from Google Play with the following URL(s):
https://exampleurl.dnsdynamic.com/cameraup/ for the upstairs camera
https://exampleurl.dnsdynamic.com/cameradown/ for the downstairs camera
For the examples that follow, you can assume that the cameras have the following static IP addresses and ports:
192.168.0.33:6474 upstairs camera
192.168.0.34:6475 downstairs camera
Finally, I tested this on the 2/9/13 wheezy, but anyone can cut and paste wrong, so I apologize in advance. Let's get started.

1. Make a backup folder for all of the files you are about to modify
sudo mkdir /home/pi/backupfiles
2. Configure a Static IP for the Raspberry Pi
a. Make a backup of your interfaces file
sudo cp /etc/network/interfaces /home/pi/backupfiles/interfaces.backup
b. Edit the interfaces file
sudo nano /etc/network/interfaces
c. Delete the line
iface eth0 inet dhcp
d. Add the following 4 lines to the interfaces file where you deleted the line above.
iface eth0 inet static
address 192.168.0.120
netmask 255.255.255.0
gateway 192.168.0.1
e. Save the file and afterwards reboot the system
sudo shutdown -r now
f. When the system reboots, ensure that no errors regarding the interfaces file show on your monitor.
3. Install ddclient. You will need this software to send the IP address of your router to dnsdynamic.org
a. sudo apt-get install ddclient
b. Answer the following questions
After this operation, 1,774 kB of additional disk space will be used.
Do you want to continue [Y/n]?: Y
Dynamic DNS service provider: other
Dynamic DNS server: http://www.dnsdynamic.org
Dynamic DNS update protocol: dyndns2
Username of dynamic DNS service: enter your login for dnsdynamic.org
Password for dynamic DNS service: enter your password for dnsdynamic.org
Network interface used for dynamic DNS service: eth0
DynDNS fully qualified domain names: exampleurl.dnsdynamic.com
c. Edit the ddclient conf file
sudo nano /etc/ddclient.conf
d. Change the 6th line
FROM use=if, if=eth0
TO use=web, if=eth0
e. Save the file and reboot the system
sudo shutdown -r now
f. If no errors show up during your reboot make a copy of the ddclient.conf file.
sudo cp /etc/ddclient.conf /home/pi/backupfiles/ddclient.conf.backup
g. Login at http://www.dnsdynamic.org and see if your router IP address shows up.
4. Create your self signed SSL certificates
a. Make a directory for the certificates
sudo mkdir /home/pi/certificates
b. Navigate to that directory
cd /home/pi/certificates
c. Generate the private key
sudo openssl genrsa -des3 -out exampleurl.dnsdynamic.com.key 2048
-- you will be prompted (twice) for a password for the key; do not forget it
d. Generate the Certificate Signing Request
sudo openssl req -new -key exampleurl.dnsdynamic.com.key -out exampleurl.dnsdynamic.com.csr
-- at the prompts feel free to either enter values or simply press the enter key to accept the shown default value.
e. Generate the self signed certificate (good for 12 years)
sudo openssl x509 -req -days 4380 -in exampleurl.dnsdynamic.com.csr -signkey exampleurl.dnsdynamic.com.key -out exampleurl.dnsdynamic.com.crt
-- you will be prompted for the private key password
f. Generate a key that does not have a password
sudo openssl rsa -in exampleurl.dnsdynamic.com.key -out exampleurl.dnsdynamic.com.unsecure.key
5. Install nginx
sudo apt-get install nginx
a. Answer the question
After this operation, 6,134 kB of additional disk space will be used.
Do you want to continue [Y/n]?: Y
b. Make a backup of the nginx config file
sudo cp /etc/nginx/sites-enabled/default /home/pi/backupfiles/nginx.default.backup
c. Edit the nginx config
sudo nano /etc/nginx/sites-enabled/default
d. Add the following lines near the top of the server section

listen 443;
ssl on;
ssl_certificate /home/pi/certificates/exampleurl.dnsdynamic.com.crt;
ssl_certificate_key /home/pi/certificates/exampleurl.dnsdynamic.com.unsecure.key;

location /cameraup/ {
    proxy_pass http://192.168.0.33:6474/;
    proxy_redirect off;
    proxy_set_header Host $host:$server_port;
    proxy_set_header X-Real-IP $remote_addr;
}
location /cameradown/ {
    proxy_pass http://192.168.0.34:6475/;
    proxy_redirect off;
    proxy_set_header Host $host:$server_port;
    proxy_set_header X-Real-IP $remote_addr;
}
e. Change the server_name from localhost to your domain name
server_name exampleurl.dnsdynamic.com;
f. Save the file and see if you made any mistakes by reloading nginx
sudo service nginx reload
g. If there are no errors, reboot
sudo shutdown -r now

That's all folks
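
Step 4 with the checks worth running before nginx is pointed at the files, as an added example that is not part of the original post: it repeats the key, CSR and certificate commands non-interactively in a scratch directory, then confirms that key and certificate belong together, that the passphrase-less key is readable by its owner only, and that the certificate names the host. The function names, the `-subj` value and the scratch directory are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. HOST is the tutorial's example
# name; function names and the scratch directory are assumptions.
HOST=exampleurl.dnsdynamic.com

make_cert() {   # $1 = directory that receives key, CSR and certificate
    # umask 077 so the passphrase-less key is created owner-readable only.
    ( umask 077 && openssl genrsa -out "$1/$HOST.unsecure.key" 2048 ) 2>/dev/null &&
    openssl req -new -key "$1/$HOST.unsecure.key" -subj "/CN=$HOST" \
        -out "$1/$HOST.csr" &&
    openssl x509 -req -days 4380 -in "$1/$HOST.csr" \
        -signkey "$1/$HOST.unsecure.key" -out "$1/$HOST.crt" 2>/dev/null
}

pair_matches() {   # $1 = key, $2 = certificate: same public key in both?
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

key_is_private() {   # true when group and others have no permission bits
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

names_host() {   # $1 = certificate: does its subject contain HOST?
    openssl x509 -in "$1" -noout -subject | grep -qF "$HOST"
}

# Scratch directory, removed again when the script exits.
WORK=$(mktemp -d) && trap 'rm -rf "$WORK"' EXIT
make_cert "$WORK" || { echo "openssl failed" >&2; exit 1; }
for check in "pair_matches $WORK/$HOST.unsecure.key $WORK/$HOST.crt" \
             "key_is_private $WORK/$HOST.unsecure.key" \
             "names_host $WORK/$HOST.crt"; do
    if $check; then echo "ok    ${check%% *}"; else echo "FAIL  ${check%% *}"; fi
done
```

The three check functions take plain file paths, so they can be pointed at the files in /home/pi/certificates as well.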

BigTA78
Posts: 1
Joined: Thu Jan 05, 2017 11:15 pm

Re: Tutorial - Nginx as a Reverse Proxy for security cameras

Thu Jan 05, 2017 11:23 pm

I'm attempting to adapt your tutorial for https access to tvheadend which is running on my Pi3.
However, when I attempt to login through the browser, I get Privacy errors.

This page is insecure (broken HTTPS).

On further examination it looks like a Certificate Error

There are issues with the site's certificate chain (net::ERR_CERT_AUTHORITY_INVALID).

Everything seemed to go smoothly, so I don't know what the issue is or whether it's safe to ignore these warnings. Maybe because these were self-signed certificates?

If I ignore the warnings, I get either a 404 or the nginx landing page, so it looks like I still have some work to do here.
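
What net::ERR_CERT_AUTHORITY_INVALID means for a self-signed certificate, as an added example that is not part of the thread: the certificate fails verification against authorities that did not issue it and passes only when that exact certificate is the trust anchor, which is why its fingerprint should be compared before it is trusted. The certificates are constructed samples; the function names, file names and the "Some Public CA" subject are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. HOST is the tutorial's example name;
# function names and file names are assumptions.
HOST=exampleurl.dnsdynamic.com
DIR=$(mktemp -d) && trap 'rm -rf "$DIR"' EXIT

selfsigned() {   # $1 = subject CN, $2 = output basename inside DIR
    openssl req -x509 -newkey rsa:2048 -nodes -days 4380 -subj "/CN=$1" \
        -keyout "$DIR/$2.key" -out "$DIR/$2.crt" 2>/dev/null
}

trusted_by() {   # $1 = PEM file of trusted authorities, $2 = certificate
    # Match the "OK" line: older openssl exits 0 even when verification fails.
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

fingerprint() {  # SHA-256 fingerprint, for comparing over a trusted channel
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Constructed samples: the proxy's certificate and an unrelated authority
# standing in for the CAs a browser ships with.
selfsigned "$HOST" site && selfsigned "Some Public CA" public || exit 1

if trusted_by "$DIR/public.crt" "$DIR/site.crt"; then
    echo "trusted by the stock authorities"
else
    echo "not trusted: no known authority issued it (the browser's warning)"
fi
if trusted_by "$DIR/site.crt" "$DIR/site.crt"; then
    echo "trusted once this exact certificate is installed as a trust anchor"
fi
echo "fingerprint to compare first: $(fingerprint "$DIR/site.crt")"
```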

RalfyM
Posts: 5
Joined: Sun Jan 14, 2018 12:28 pm

Re: Tutorial - Nginx as a Reverse Proxy for security cameras

Sat Jan 20, 2018 9:48 am

Hello,
I followed this example but using no-ip as the DDNS service. I cannot seem to get a stream and I think it is because my IP camera streams using RTSP. Any idea how this is configured in NGINX, please? Unfortunately the examples I've Googled are either not complete examples or they confuse me enough that I cannot get anything to work. The camera is a Wansview K2. Any help would be appreciated.

Regards
