3

So here's my setup: IP camera -> Raspberry Pi (Raspbian) -> WiFi -> my server

I am currently using motion to retrieve the camera's stream on my RPi. I am able to view it on the local network (192.168.x.x:8080) through my browser (it's an MJPEG stream).

I would now like to publish this online so I can view it from http://camera.example.com/ for example. The difference here is that I would like to do so independently of the WiFi network used (so I cannot simply open a port on my router to accept a connection from the server).

I think this would be possible using WebSockets, but I have never used them before. Or is there some tool that already exists AND is easy to use? There are many streaming tools out there, but they all seem to be Windows GUI programs rather than command-line tools.

The choice of language is Python, but if for some reason another language would be more suited, that is fine too. Also, I do not need to use motion specifically, so if there is a better alternative, that would work too. Thanks!

lesurp

1 Answer

0

As a set of minimum steps you will need:

  1. A domain name that points to your public IP address
  2. A way of keeping the DNS records for the domain up to date as your IP periodically changes (a free dynamic IP from noip.com will help with the first point, and they have a client you can install which will keep their DNS updated with your current IP)
  3. A port forwarding rule on your router to forward port 8080 (and the stream port for the camera stream, probably 8081 but you can change that in the Motion config) to the internal (192.168.x.x) IP of your Pi
  4. A DHCP reservation in your router to reserve the IP of the Pi (otherwise if the internal IP changes you will need to change the port forwarding rule)
  5. You will now be able to access it on the internet via the domain name, e.g. http://camera.example.com:8080

BUT...

You have just allowed insecure HTTP (unencrypted) access into a device on your home network, which could then be exploited (someone could view your cameras, or perhaps gain further access to the Pi and other devices on your network...).

You can enable authentication for the web control GUI in the Motion config, but it’s still being served over HTTP and so easy to hack or to intercept.

So, I would also want to ensure it is all accessible only via HTTPS (secure, encrypted).

Items you will need:

  • an SSL certificate for your domain (available for free from letsencrypt.org)
  • a web server on the Pi (since Motion doesn’t use any installed web server but instead has its own inbuilt one) - I’d recommend Nginx or Apache
  • certbot (to generate/install the certificate on the Pi)
  • configure the web server to be a reverse proxy and serve the HTTP Motion website as HTTPS using your SSL certificate
  • secure the website (both Apache and Nginx support HTTP basic authentication which, if the reverse proxy is configured correctly, will be served over HTTPS and so encrypted, which is better than unencrypted, base64-encoded (and easily decoded) credential info transmitted in the clear for all to see/intercept).

Other authentication options are available with some extra work, but as a bare minimum, basic auth and full HTTPS are better than nothing.

Graham Gold
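
The reverse-proxy items listed in the answer above, as an added example that is not part of the original answer: an Nginx configuration that serves Motion over HTTPS with a Let's Encrypt certificate and basic auth. The hostname, the certificate paths (certbot's default layout), the htpasswd path and the `/stream/` location are assumptions; ports 8080 and 8081 are the ones the answer mentions.

```nginx
# Added example. Assumes Motion is bound to loopback only, e.g. with
#   webcontrol_localhost on
#   stream_localhost on
# in motion.conf, so its plain-HTTP ports cannot be reached from the network.

# Plain HTTP only redirects to HTTPS; nothing is served unencrypted.
server {
    listen 80;
    server_name camera.example.com;            # assumed hostname
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name camera.example.com;

    # Paths certbot writes by default for this hostname (assumed).
    ssl_certificate     /etc/letsencrypt/live/camera.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/camera.example.com/privkey.pem;

    # Basic auth set at server level applies to every location below.
    # The file is created with htpasswd; its path here is an assumption.
    auth_basic           "Camera";
    auth_basic_user_file /etc/nginx/.htpasswd;

    # Motion web control GUI (port 8080 in the answer).
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
    }

    # MJPEG stream (port 8081 in the answer). Buffering is turned off so
    # frames are forwarded as they arrive instead of being held by Nginx.
    location /stream/ {
        proxy_pass http://127.0.0.1:8081/;
        proxy_buffering off;
        proxy_read_timeout 1h;
    }
}
```

With this in place the router forwards ports 443 and 80 to the Pi instead of 8080 and 8081, so the only path to Motion from outside is through the authenticated HTTPS proxy.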