ZoneMinder installation with Debian

Intro

I was doubting between purchasing a Network Video Recorder (NVS) and setting up an old server with ZoneMinder.

Guess what it became... ;)

 

Server hardware:

  • Dell PowerEdge R310 1U server (2010 version)
  • OS disks (300GB usable)
    • 2x 300GB Dell HGST Ultrastar 15K600 (SAS 6Gbps)
    • RAID 1
    • Write-Through enabled
    • 64K stripe size
    • Take note that RAID 1 provides mirror and thus 1 disk redundancy, it offers no parity, striping, or spanning
  • Storage disks (1.8TB usable)
    • 2x 1TB Dell HGST Ultrastar 15K600 (SAS 6Gbps)
    • RAID 0 (yes, seriously)
    • Write-Back enabled
    • 128K stripe size
    • Take note that RAID 0 provides no fault tolerance or redundancy
  • 24GB DDR3 ECC RAM @ 800MHz
  • Intel Xeon X3470 8MB cache, 4 cores, 8 threads, running @2.93GHz
  • PNY Nvidia NVS510 Quadro card (for h.264 decoding and image processing, ai, ...) <- soon to be installed
  • 2x 1GB Broadcom BCM5716 Network adapters in LACP mode for teaming (bond0)

Camera's:

  • 1x HikVision DS-2CD2143G0 with 4MP
  • 2x HikVision DS-2CD2385G1 with 4K and 8MP
  • 2x HikVision DS-KB8112 doorstation intercoms

Good to know:

  • Set the NIC type to fixed 100(0)M Full Duplex on both the camera and switch to prevent duplex mismatches
  •  If using h.264 set the camera settings through the camera app directly e.g. IVM-4200 for HikVision cams.
    • Bitrate = variable
    • Max. Bitrate = 8192 Kbps (bitrate calculation)
    • Framerate = 10 FPS (25 is not really needed for a security camera, as 10 will show you all the information you need)
    • I-Frame interval = 10 (should match your FPS)
    • Video encoding = H.264
    • SVC = Off

Installation steps

Hardware preparation & Debian installation:

  1. Install all the needed hardware devices
  2. Set up the RAID configs for the OS and Storage volumes
  3. For my installation stick of Debian 10 I needed to include the BCM5716 drivers from the Debian packages site
    1. Download firmware-bnx2
    2. Extract in your USB installation stick /firmware(s) folder
  4. Follow the default installation steps
    1. Under disk configuration you can already provision the Storage drive if you wish. I've did this and set it as /storage
  5. Once installed reboot and login

Basic settings:

  1. Increase the /dev/shm size, the SHM is the SHared Memory:
    1. Command "sudo nano /etc/fstab"
      1. add the following line "tmpfs /dev/shm tmpfs defaults,size=32G 0 0"
    2. More information about the SHM

  2. OPTIONAL STEP: Set up the LACP bond
    1. Install "apt-get install ifenslave"
    2. Command "sudo nano /etc/network/interfaces"
      iface bond0 inet static
      address x.x.x.x #server IP address
      netmask x.x.x.x # e.g. 255.255.255.0
      network x.x.x.x # e.g. 192.168.1.0
      gateway x.x.x.x # e.g 192.168.1.254
      slaves eth1 eth2 #eth1 eth2 could differ for your server
      bond-mode 802.3ad
      bond-miimon 100
      bond-downdelay 200
      bond-updelay 200

  3. (If you skipped step 2) Set your network interface(s)
    1. Command "sudo nano /etc/network/interfaces"
      1. iface eth0 inet static
        address x.x.x.x #server IP address
        netmask x.x.x.x # e.g. 255.255.255.0
        network x.x.x.x # e.g. 192.168.1.0
        gateway x.x.x.x # e.g 192.168.1.254

  4. Set your resolv.conf
    1. Command "sudo nano /etc/resolv.conf"
      1. domain domain.com # If you have a domain name!
        search domain.com. # If you have a domain name, add the dot '.' on the end
        nameserver x.x.x.x #e.g. 8.8.8.8
        nameserver x.x.x.x #e.g. 8.8.4.4

  5. Install your video card software (Nvidia + CUDA driver in my example)
    1. Command "sudo apt-get install nvidia-smi nvidia-driver nvidia-detect nvidia-cuda-toolkit"

  6. Create the storage locations for ZM under your storage disk
    1. Command "sudo mkdir /storage/zoneminder /storage/zoneminder/events/ /storage/zoneminder/images/"

  7. Install Zoneminder by following the steps from their website.

  8. After step 5 change the folder permissions with the command "chown -R www-data:www-data /storage/zoneminder/ /storage/zoneminder/events/ /storage/zoneminder/images/"

How to secure your ZM with SSL?

  1. Enable the SSL option for PHP by running command "sudo a2enmod ssl"

  2. Create the default SSL configuration by running command "sudo a2ensite default-ssl.conf"

  3. Restart your Apache server with the command "systemctl restart apache2"

  4. Upload your own SSL certificate and private key with something like WinSCP to your server /home/YourUser/Certificates

  5. Then do a copy command
    cp /home/YourUser/Certificates/mycert.domain.com-crt /etc/ssl/certs/
    cp /home/YourUser/Certificates/mycert.domain.com-key.pem /etc/ssl/private/

  6. Change the default-ssl.conf to use your own certifcate
    1. Command "sudo nano /etc/apache2/sites-enabled/default-ssl.conf"
      1. Optional change your port by changing the VirtualHost part
      2. <VirtualHost _default_:443> change to e.g. <VirtualHost _default_:8080>
      3. Change your certificate and private key paths
        SSLCertificateFile /etc/ssl/certs/mycert.domain.com-crt.pem
        SSLCertificateKeyFile /etc/ssl/private/mycert.domain.com-key.pem

  7. Change the 000-default.conf and set redirects
    1. Command "sudo nano /etc/apache2/sites-enabled/000-default.conf"
      1. <VirtualHost *:80>
         ServerName camera.mydomain.com
         Redirect permanent / https://camera.mydomain.com:8080/zm/
        </VirtualHost>
        <VirtualHost *:443>
         ServerAdmin webmaster@localhost
         DocumentRoot /var/www/html
         # Logs
         ErrorLog ${APACHE_LOG_DIR}/error.log
         CustomLog ${APACHE_LOG_DIR}/access.log combined
         # Redirect
         Redirect permanent / https://camera.mydomain.com:8080/zm/
        </VirtualHost>
        # vim: syntax=apache ts=4 sw=4 sts=4 sr noet

  8. Change your Apache listening ports
    1. Command "sudo nano /etc/apache2/ports.conf"
      1. # If you just change the port or add more ports here, you will likely also
        # have to change the VirtualHost statement in
        # /etc/apache2/sites-enabled/000-default.conf
        Listen 80
        Listen 8080

        <IfModule ssl_module>
        Listen 443
        </IfModule>

        <IfModule mod_gnutls.c>
        Listen 443
        </IfModule>

        # vim: syntax=apache ts=4 sw=4 sts=4 sr noet

  9. Finally restart Apache (or reboot your server)
    1. Command "sudo systemctl restart apache2"

Finalize your ZM installation

  1. Go to your ZM webpage https://YourServerIP:8080/zm/ or http://YourServerIP/zm/ if you didn't followed the certificate installation steps
  2. From there you can now set your camera's and server specific config :)
  3. Setting the additional storage location
    1. Go to Options
    2. Storage
    3. Add a new storage
      1. Name = e.g Storage
      2. Path = location of your storage e.g. /storage/zoneminder/events
      3. URL = leave as isAdd new storage
      4. Server = leave as is
      5. Type = local
      6. Scheme = leave as is (changes how ZM creates folders and files under your storage location)
      7. Do deletes = yes
    4. Do not remove the Default location (Trust me)

Optional good to add packages

  1. Install network, disk, cpu and memory monitoring packages
    1. command "sudo apt-get install htop atop iftop libpcap0.8 libpcap0.8-dev libncurses5 libncurses5-dev"
    2. To use htop -> command "sudo htop"
    3. To use atop -> command "sudo atop"
    4. To use iftop -> command "sudo iftop -i bond0" (-i to specify the network interface)

To Do (on my part/ WIP)

  1. I have ordered an Nvidia Quadro NVS510 card that will serve the purpose of decoding/ encoding the h.264 video streams of the cameras.
    My current CPU is not performing fantastically with decoding the video streams and is causing a high CPU load.

  2. Add and enable ZMEventNotification to add AI with Machine Learning powered recognition (according to the GitHub page)

 

 

PS: All commands are between quotes ("...") and are preceeded with the word command.

Gallery


Comments

Loading Comments...