Friday, December 5, 2014

Secure Foscam IP Cameras with SSL on Raspberry PI and NGINX

Foscam + Raspberry Pi = SSL

When my first kid was born, my wife and I wanted a convenient, cheap, but externally accessible way to monitor our daughter. Thus, the usual baby monitors wouldn't do the trick. We ended up getting a really handy and super cheap Foscam FI8910W IP Camera.

Everything about it is pretty great … except security. For that reason, I never poked a hole through my firewall so that friends and family could peek in on Piper from time to time. I could always access the camera over VPN, but nobody else could ('cause I'm stingy with my network access).

When I found out I had another one on the way, I decided that not only did I need another camera, but I needed a more convenient way to securely access my cameras from outside my house. I decided to pick up a Raspberry Pi and expose an HTTPS endpoint that could reverse proxy requests to my IP camera. This way, I have a secure connection into my house. It's still plain text between the camera and the Pi, but that's inside my network and I'm less concerned about it there.

In any case, I picked up a Raspberry Pi Starter Kit which I recommend for your first pi. It'll come with the components you'll need to get set up. The second time I did this (for the sake of recording the steps to write this blog), I just formatted my own noobs card and I used the wifi dongle from the previous pi kit.

I tried to install noobs lite on an 8gb microsd card I got from the Raspberry Pi Downloads page, but noobs lite didn't work with the wifi dongle so I recommend plain old noobs. For the second time around, I just downloaded Raspbian and used dd to image the microsd. Again, I recommend noobs (and I recommend the starter kit) unless you feel pretty comfortable with command line utilities. If you are, use the instructions for installing operating system images from the raspberry pi site.

Pi

That being said, with noobs, you just format your micro SD card with FAT and copy the contents of the noobs zip to the sd card root. Put the SD card in the pi, connect the mouse and keyboard, connect ethernet or the wifi dongle, connect some video output, etc. Then, plug in the device.

The first thing to do is get connected to wifi. It's easier to do in the GUI so run startx, configure your wifi network, and log out.

Enable SSH in sudo raspi-config.

Using SSH to administer a box is kind of a pain without tmux so get that. Also, vim is awesome so get that too. Finally, we're going to be using nginx as our reverse proxy so install that as well.

sudo apt-get update && sudo apt-get install tmux vim nginx

To make SSH even easier, scp your public key to your pi's ~/.ssh folder and cat it into authorized_keys.

If you are using wifi, you'll find that wifi is disabled after rebooting until the dongle is removed and re-inserted. You can change this behavior by executing

sudo vim /etc/network/interfaces

and changing

iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf

to

auto wlan0
iface wlan0 inet dhcp
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

You'll probably want nginx to start automatically on reboot too, so execute

sudo update-rc.d nginx defaults

Router

Give your pi a static ip address. My router lets me map static ips to mac addresses. DD-WRT lets you do that too. If you can't with your router, configure a static ip address following the Debian Network Configuration Instructions.

Give your router a static ip as well.

Forward port 443 (the default SSL port) to 443 on the pi's IP address.

Get a dynamic DNS account that's supported by your router. If your router doesn't do dynamic DNS (and you can't install a decent firmware that does), you can use ddclient on your pi instead.

Domain

You'll need a domain name that you own to get an SSL certificate. Register one.

In your domain's DNS configuration, create a subdomain with a CNAME record pointing to your dynamic DNS domain.

SSL

Get your SSL certificate from StartSSL (the free certificate will be fine). You'll have to validate your domain. The process is pretty straightforward.

Download your certificate, key, and the intermediate certificates and make a unified certificate:

wget http://www.startssl.com/certs/ca.pem
wget http://www.startssl.com/certs/sub.class1.server.ca.pem
cat ssl.crt sub.class1.server.ca.pem ca.pem > ssl-unified.crt

SCP the key and the unified certificate to the pi's /etc/nginx folder (I like putting my certs in a subfolder).

Configure nginx

Create a configuration file called /etc/nginx/sites-available/ipcams

server {
  listen 80;

  server_name your.domain.com;
  server_name your.pi.ip.address;

  return 301 https://$host$request_uri;
}

server {
  listen 443 ssl;

  ssl_certificate /etc/nginx/certs/ssl-unified.crt;
  ssl_certificate_key /etc/nginx/certs/ssl.key;

  server_name your.domain.com;
  server_name your.pi.ip.address;

  location /front_porch/ {
    proxy_pass http://your.porch_cam.ip.address:80/;
  }

  location /baby_room/ {
    proxy_pass http://your.baby_cam.ip.address:80/;
  }
}

Remove the default symlink from /etc/nginx/sites-enabled and add a new symlink:

cd /etc/nginx/sites-enabled
sudo rm default
sudo ln -s ../sites-available/ipcams ./ipcams

Restart nginx:

sudo service nginx restart
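
A hardened variant of the 443 server block above, as an added example that is not part of the original post: it restricts the TLS protocol version, drops requests that do not name your domain, and returns 404 for anything outside the two camera paths. The hostnames, camera addresses and certificate paths are the post's placeholders; the directive values are assumptions to adjust for your nginx and OpenSSL versions.

```nginx
# Added example, not from the original post. Replaces the 443 server block in
# /etc/nginx/sites-available/ipcams; the port-80 redirect block stays as it is.

# Catch-all for port 443: a request whose Host header is not your.domain.com
# (for example a scanner connecting to the bare WAN IP) gets the connection
# closed instead of a camera login page. 444 is nginx's "close without reply".
server {
  listen 443 ssl default_server;
  server_name _;

  ssl_certificate     /etc/nginx/certs/ssl-unified.crt;
  ssl_certificate_key /etc/nginx/certs/ssl.key;

  # Repeated in both server blocks so the restriction applies whichever
  # block ends up handling the TLS handshake.
  ssl_protocols TLSv1.2;

  return 444;
}

server {
  listen 443 ssl;

  # Only the name the certificate was issued for. The post's second
  # server_name (the Pi's IP) is dropped on purpose: the certificate is not
  # valid for it, and such requests now fall through to the catch-all.
  server_name your.domain.com;

  ssl_certificate     /etc/nginx/certs/ssl-unified.crt;
  ssl_certificate_key /etc/nginx/certs/ssl.key;

  # Refuse SSLv3 and TLS 1.0/1.1. Add TLSv1.3 here only if your nginx and
  # OpenSSL builds support it.
  ssl_protocols TLSv1.2;
  ssl_session_cache   shared:SSL:5m;
  ssl_session_timeout 10m;

  # Do not advertise the nginx version in headers and error pages.
  server_tokens off;

  # Tell browsers to use HTTPS for this host from now on. On nginx 1.7.5 or
  # later, append "always" so the header is also sent on error responses.
  add_header Strict-Transport-Security "max-age=31536000";

  location /front_porch/ {
    proxy_pass http://your.porch_cam.ip.address:80/;
  }

  location /baby_room/ {
    proxy_pass http://your.baby_cam.ip.address:80/;
  }

  # Anything outside the two camera prefixes gets a 404 rather than
  # whatever the default document root happens to contain.
  location / {
    return 404;
  }
}
```

Run sudo nginx -t before restarting so a syntax error does not take the proxy down.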

Summary

So, now https requests to your subdomain are resolved by your dynamic DNS to point to your IP where your Pi is. Your Pi gets an https request and forwards it inside your well protected network (in plain text) to your camera. I keep my Pi wired to cut back on the wireless traffic that happens in plain text. In any case, this way you can get from outside your house to inside your house over an encrypted ssl connection.

97 comments:

  2. Excellent post! Pretty much what I was looking for :) Do you have port forwarding setup for the Pi to the router? Does the video quality suffer?


    I am looking at BlueIris, but I am worried if I expose a Windows machine, the attack surface would be more. (It does have recording capabilities though)

    Cheers,
    Ben


  3. I am having a problem with this setup. Everything works right until the plugin starts and then it times out.
