ZoneMinder installation with Debian

A fully detailed guide on how you can install Zoneminder on your own private server running Debian with SSL integration.

Why?

I was doubting between purchasing a Network Video Recorder (NVS) and setting up an old server with ZoneMinder.

Update: Since 2022 I have a DVR to save on power consumption

Server hardware

• Dell PowerEdge R310 1U server (2010 version)
• OS disks (300GB usable)
  • 2x 300GB Dell HGST Ultrastar 15K600 (SAS 6Gbps)
  • RAID 1
  • Write-Through enabled
  • 64K stripe size
  • Take note that RAID 1 provides mirror and thus 1 disk redundancy, it offers no parity, striping, or spanning
• Storage disks (1.8TB usable)
  • 2x 1TB Dell HGST Ultrastar 15K600 (SAS 6Gbps)
  • RAID 0 (yes, seriously)
  • Write-Back enabled
  • 128K stripe size
  • Take note that RAID 0 provides no fault tolerance or redundancy
• 24GB DDR3 ECC RAM @ 800MHz
• Intel Xeon X3470 8MB cache, 4 cores, 8 threads, running @2.93GHz
• 2x 1GB Broadcom BCM5716 Network adapters in LACP mode for teaming (bond0)

Camera’s

• 1x HikVision DS-2CD2143G0 with 4MP
• 2x HikVision DS-2CD2385G1 with 4K and 8MP
• 2x HikVision DS-KB8112 doorstation intercoms

Good to know

• Set the NIC type to fixed 100(0)M Full Duplex on both the camera and switch to prevent duplex mismatches
• If using h.264 set the camera settings through the camera app directly e.g. IVM-4200 for HikVision cams
  • Bitrate = variable
  • Max. Bitrate = 8192 Kbps (bitrate calculation)
  • Framerate = 10 FPS (25 is not really needed for a security camera, as 10 will show you all the information you need)
  • I-Frame interval = 10 (should match your FPS)
  • Video encoding = H.26
  • SVC = off

Installation steps

Hardware preparation & Debian installation

1. Install all the needed hardware devices
2. Set up the RAID configs for the OS and Storage volumes
3. For my installation stick of Debian 10 I needed to include the BCM5716 drivers from the Debian packages site
   1. Download firmware-bnx2
   2. Extract in your USB installation stick /firmware(s) folder
4. Follow the default installation steps
   1. Under disk configuration you can already provision the Storage drive if you wish. I’ve did this and set it as /storage
5. Once installed reboot and login

Basic settings

1. Increase the /dev/shm size, the SHM is the SHared Memory:
   1. Command “sudo nano /etc/fstab”
      1. add the following line “tmpfs /dev/shm tmpfs defaults,size=32G 0 0“
   2. More information about the SHM
      
2. OPTIONAL STEP: Set up the LACP bond
   1. Install “apt-get install ifenslave“
   2. Command “sudo nano /etc/network/interfaces“
      iface bond0 inet static
address x.x.x.x #server IP address
netmask x.x.x.x # e.g. 255.255.255.0
network x.x.x.x # e.g. 192.168.1.0
gateway x.x.x.x # e.g 192.168.1.254
slaves eth1 eth2 #eth1 eth2 could differ for your server
bond-mode 802.3ad
bond-miimon 100
bond-downdelay 200
bond-updelay 200
      
3. (If you skipped step 2) Set your network interface(s)
   1. Command “sudo nano /etc/network/interfaces“
      iface eth0 inet static
address x.x.x.x #server IP address
netmask x.x.x.x # e.g. 255.255.255.0
network x.x.x.x # e.g. 192.168.1.0
gateway x.x.x.x # e.g 192.168.1.254
      
4. Set your resolv.conf
   1. Command “sudo nano /etc/resolv.conf“
      domain domain.com # If you have a domain name!
search domain.com. # If you have a domain name, add the dot '.' on the end
nameserver x.x.x.x #e.g. 8.8.8.8
nameserver x.x.x.x #e.g. 8.8.4.4
5. Create the storage locations for ZM under your storage disk
   1. Command “sudo mkdir /storage/zoneminder /storage/zoneminder/events/ /storage/zoneminder/images/“
      
6. Install Zoneminder by following the steps from their website.
   
7. After step 5 change the folder permissions with the command “chown -R www-data:www-data /storage/zoneminder/ /storage/zoneminder/events/ /storage/zoneminder/images/“

How to secure your ZM installation with SSL?

1. Enable the SSL option for PHP by running command “sudo a2enmod ssl“
2. Create the default SSL configuration by running command “sudo a2ensite default-ssl.conf”
3. Restart your Apache server with the command “systemctl restart apache2“
4. Upload your own SSL certificate and private key with something like WinSCP to your server /home/YourUser/Certificates
5. Then do a copy command
   cp /home/YourUser/Certificates/mycert.domain.com-crt /etc/ssl/certs/
cp /home/YourUser/Certificates/mycert.domain.com-key.pem /etc/ssl/private/
6. Change the default-ssl.conf to use your own certifcate
   1. Command “sudo nano /etc/apache2/sites-enabled/default-ssl.conf”
      1. Optional change your port by changing the VirtualHost part
      2. <VirtualHost _default_:443> change to e.g. <VirtualHost _default_:8080>
      3. Change your certificate and private key paths
         SSLCertificateFile /etc/ssl/certs/mycert.domain.com-crt.pem
SSLCertificateKeyFile /etc/ssl/private/mycert.domain.com-key.pem
7. Change the 000-default.conf and set redirects
   1. Command “sudo nano /etc/apache2/sites-enabled/000-default.conf“
      <VirtualHost *:80>
 ServerName camera.mydomain.com
 Redirect permanent / https://camera.mydomain.com:8080/zm/
</VirtualHost>
<VirtualHost *:443>
 ServerAdmin webmaster@localhost
 DocumentRoot /var/www/html
 # Logs
 ErrorLog ${APACHE_LOG_DIR}/error.log
 CustomLog ${APACHE_LOG_DIR}/access.log combined
 # Redirect
 Redirect permanent / https://camera.mydomain.com:8080/zm/
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
8. Change your Apache listening ports
   1. Command “sudo nano /etc/apache2/ports.conf“
      # If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 80
Listen 8080 <IfModule ssl_module>
Listen 443
</IfModule> <IfModule mod_gnutls.c>
Listen 443
</IfModule> # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
9. Finally restart Apache (or reboot your server)”sudo systemctl restart apache2“
10. Now your browser should show a valid HTTPS connection
    

Finalize your ZM installation

1. Go to your ZM webpage https://YourServerIP:8080/zm/ or http://YourServerIP/zm/ if you didn’t followed the certificate installation steps
2. From there you can now set your camera’s and server specific config 🙂
3. Setting the additional storage location
   1. Go to Options
   2. Storage
   3. Add a new storage
      1. Name = e.g Storage
      2. Path = location of your storage e.g. /storage/zoneminder/events
      3. URL = leave as isAdd new storage
      4. Server = leave as is
      5. Type = local
      6. Scheme = leave as is (changes how ZM creates folders and files under your storage location)
      7. Do deletes = yes
   4. Do not remove the Default location (Trust me)

Optional packages

Install network, disk, cpu and memory monitoring packages

1. “sudo apt-get install htop atop iftop libpcap0.8 libpcap0.8-dev libncurses5 libncurses5-dev“
2. To use htop -> command “sudo htop“
3. To use atop -> command “sudo atop“
4. To use iftop -> command “sudo iftop -i bond0” (-i to specify the network interface)