diff --git a/.gitignore b/.gitignore index f94d6cc98..0dae662d7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ +# If you are adding to this file, please ensure sorting is maintained. If using vim, you can use :%sort u CMakeCache.txt CMakeFiles/ Makefile diff --git a/distros/fedora/CMakeLists.txt b/distros/fedora/CMakeLists.txt index d4b94a60a..507c99293 100644 --- a/distros/fedora/CMakeLists.txt +++ b/distros/fedora/CMakeLists.txt @@ -3,11 +3,17 @@ # Display a message to show the Fedora build options are being processed. message([STATUS] "Starting Fedora Build Options" ...) -# Create the ZoneMinder Apache config file +# Process config files configure_file(zoneminder.service.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.service @ONLY) -configure_file(zoneminder.conf.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.conf @ONLY) configure_file(zoneminder.tmpfiles.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.tmpfiles @ONLY) configure_file(zoneminder.logrotate.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.logrotate @ONLY) +if(ZM_WEB_USER STREQUAL "nginx") + configure_file(nginx/zoneminder.conf.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.conf @ONLY) + configure_file(nginx/zoneminder.php-fpm.conf.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.php-fpm.conf @ONLY) + configure_file(nginx/README.Fedora ${CMAKE_CURRENT_SOURCE_DIR}/README.Fedora COPYONLY) +else(ZM_WEB_USER STREQUAL "nginx") + configure_file(zoneminder.conf.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.conf @ONLY) +endif(ZM_WEB_USER STREQUAL "nginx") # Unpack jscalendar & move files into position message(STATUS "Unpacking and Installing jscalendar...") @@ -42,7 +48,13 @@ install(CODE "execute_process(COMMAND ln -sf ../../../../../../var/lib/zoneminde install(CODE "execute_process(COMMAND ln -sf ../../java/cambozola.jar \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/cambozola.jar\")") # Install auxiliary files required to run zoneminder on Fedora -install(FILES zoneminder.conf DESTINATION /etc/httpd/conf.d PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ) +if(ZM_WEB_USER STREQUAL "nginx") + install(FILES zoneminder.conf DESTINATION /etc/nginx/default.d PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ) + install(FILES zoneminder.php-fpm.conf DESTINATION /etc/php-fpm.d PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ RENAME zoneminder.conf) +else(ZM_WEB_USER STREQUAL "nginx") + install(FILES zoneminder.conf DESTINATION /etc/httpd/conf.d PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ) +endif(ZM_WEB_USER STREQUAL "nginx") + install(FILES zoneminder.logrotate DESTINATION /etc/logrotate.d RENAME zoneminder PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ) install(FILES ../../misc/zoneminder-tmpfiles.conf DESTINATION /etc/tmpfiles.d RENAME zoneminder.conf PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ) install(FILES redalert.wav DESTINATION ${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/sounds PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/distros/fedora/nginx/README.Fedora b/distros/fedora/nginx/README.Fedora new file mode 100644 index 000000000..40b8b875d --- /dev/null +++ b/distros/fedora/nginx/README.Fedora @@ -0,0 +1,163 @@ +What's New +========== + +1. This is an *experimental* build of zoneminder which uses the + nginx web server. + +2. The Apache ScriptAlias has been changed from "/cgi-bin/zm/zms" to + "/cgi-bin-zm/zms". This has been to done to avoid this bug: + https://bugzilla.redhat.com/show_bug.cgi?id=973067 + + IMPORTANT: You must manually inspect the value for PATH_ZMS under Options + and verify it is set to "/cgi-bin-zm/nph-zms". Failure to do so will result + in a broken system. You have been warned. + +3. Due to the active state of the ZoneMinder project, we now recommend granting + ALL permission to the ZoneMinder mysql account. This change must be done + manually before ZoneMinder will run. See the installation steps below. + +4. This package uses the HTTPS protocol by default to access the web portal. + Requests using HTTP will auto-redirect to HTTPS. See README.https for + more information. + +5. This package ships with the new ZoneMinder API enabled. + +New installs +============ + +1. This package supports either community-mysql-server or mariadb-server with + mariadb being the preferred choice. Unless you are already using MariaDB or + Mysql server, you need to ensure that the server is configured to start + during boot and properly secured by running: + + sudo yum install mariadb-server + sudo systemctl enable mariadb + sudo systemctl start mariadb.service + mysql_secure_installation + +2. Assuming the database is local and using the password for the root account + set during the previous step, you will need to create the ZoneMinder + database and configure a database account for ZoneMinder to use: + + mysql -uroot -p < /usr/share/zoneminder/db/zm_create.sql + mysql -uroot -p -e "grant all on zm.* to \ + 'zmuser'@localhost identified by 'zmpass';" + mysqladmin -uroot -p reload + + The database account credentials, zmuser/zmpass, are arbitrary. Set them to + anything that suits your environment. + +3. If you have chosen to change the zoneminder database account credentials to + something other than zmuser/zmpass, you must now edit /etc/zm/zm.conf. + Change ZM_DB_USER and ZM_DB_PASS to the values you created in the previous + step. + + This version of zoneminder no longer requires you to make a similar change + to the credentials in /usr/share/zoneminder/www/api/app/Config/database.php + This now happens dynamically. Do *not* make any changes to this file. + +4. Edit /etc/php.ini, uncomment the date.timezone line, and add your local + timezone. PHP will complain loudly if this is not set, or if it is set + incorrectly, and these complaints will show up in the zoneminder logging + system as errors. + + If you are not sure of the proper timezone specification to use, look at + http://php.net/date.timezone + +5. Disable SELinux + + We currently do not have the resources to create and maintain an accurate + SELinux policy for ZoneMinder on Fedora. We will gladly accept pull + reqeusts from anyone who wishes to do the work. In the meantime, SELinux + will need to be disabled or put into permissive mode. + + To immediately disbale SELinux for the current seesion, issue the following + from the command line: + + sudo setenforce 0 + + To permanently disable SELinux, edit /etc/selinux/config and change the + SELINUX line from "enforcing" to "disabled". This change will take + effect after a reboot. + +6. This package comes preconfigured for HTTPS using the default self signed + certificate on your system. We recommend you keep this configuration. + + If this does not meet your needs, then read README.https to + learn about alternatives. + +7. Edit /etc/sysconfig/fcgiwrap and set DAEMON_PROCS to the maximum number of + simulatneous streams the server should support. Generally, a good minimum + value for this equals the total number of cameras you expect to view at the + same time. + +8. Now start the web server: + + sudo systemctl enable nginx + sudo systemctl start nginx + +9. Now start zoneminder: + + sudo systemctl enable zoneminder + sudo systemctl start zoneminder + +10.The Fedora repos have a ZoneMinder package available, but it does not + support ffmpeg or libvlc, which many modern IP cameras require. Most users + will want to prevent the ZoneMinder package in the Fedora repos from + overwriting the ZoneMinder package in zmrepo, during a future dnf update. To + prevent that from happening you must edit /etc/yum.repos.d/fedora.repo + and /etc/yum.repos.d/fedora-updates.repo. Add the line "exclude=zoneminder*" + without the quotes under the [fedora] and [fedora-updates] blocks, + respectively. + +Upgrades +======== + +1. Verify /etc/zm/zm.conf. + + If zm.conf was manually edited before running the upgrade, the installation + may not overwrite it. In this case, it will create the file + /etc/zm/zm.conf.rpmnew. + + For example, this will happen if you are using database account credentials + other than zmuser/zmpass. + + Compare /etc/zm/zm.conf to /etc/zm/zm.conf.rpmnew. Verify that zm.conf + contains any new config settings that may be in zm.conf.rpmnew. + + This version of zoneminder no longer requires you to make a similar change + to the credentials in /usr/share/zoneminder/www/api/app/Config/database.php + This now happens dynamically. Do *not* make any changes to this file. + +2. Verify permissions of the zmuser account. + + Over time, the database account permissions required for normal operation + have increased. Verify the zmuser database account has been granted all + permission to the ZoneMinder database: + + mysql -uroot -p -e "show grants for zmuser@localhost;" + + See step 2 of the Installation section to add missing permissions. + +3. Verify the ZoneMinder Apache configuration file in the folder + /etc/httpd/conf.d. You will have a file called "zoneminder.conf" and there + may also be a file called "zoneminder.conf.rpmnew". If the rpmnew file + exists, inspect it and merge anything new in that file with zoneminder.conf. + Verify the SSL REquirements meet your needs. Read README.https if necessary. + +4. Upgrade the database before starting ZoneMinder. + + Most upgrades can be performed by executing the following command: + + sudo zmupdate.pl + + Recent versions of ZoneMinder don't require any parameters added to the + zmupdate command. However, if ZoneMinder complains, you may need to call + zmupdate in the following manner: + + sudo zmupdate.pl --user=root --pass= --version= + +5. Now start zoneminder: + + sudo systemctl start zoneminder + diff --git a/distros/fedora/nginx/zoneminder.conf.in b/distros/fedora/nginx/zoneminder.conf.in new file mode 100644 index 000000000..b8ffd816a --- /dev/null +++ b/distros/fedora/nginx/zoneminder.conf.in @@ -0,0 +1,49 @@ +listen 443 ssl; +listen [::]:443 ssl; + +ssl_certificate "/etc/pki/tls/certs/localhost.crt"; +ssl_certificate_key "/etc/pki/tls/private/localhost.key"; +ssl_session_cache shared:SSL:1m; +ssl_session_timeout 10m; +ssl_ciphers PROFILE=SYSTEM; +ssl_prefer_server_ciphers on; + +# Auto-redirect HTTP requests to HTTPS +if ($scheme != "https") { + rewrite ^/?(zm)(.*)$ https://$host/$1$2 permanent; +} + +location /cgi-bin-zm { + gzip off; + alias "@ZM_CGIDIR@"; + + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_pass unix:/run/fcgiwrap.sock; +} + +location /zm { + gzip off; + alias "@ZM_WEBDIR@"; + index index.php; + + location ~ \.php$ { + if (!-f $request_filename) { return 404; } + expires epoch; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_index index.php; + fastcgi_pass unix:/run/php-fpm/www.sock; + } + + location ~ \.(jpg|jpeg|gif|png|ico)$ { + access_log off; + expires 33d; + } + + location /zm/api/ { + alias "@ZM_WEBDIR@"; + rewrite ^/zm/api(.+)$ /zm/api/index.php?p=$1 last; + } +} + diff --git a/distros/fedora/nginx/zoneminder.php-fpm.conf.in b/distros/fedora/nginx/zoneminder.php-fpm.conf.in new file mode 100644 index 000000000..2c9f32955 --- /dev/null +++ b/distros/fedora/nginx/zoneminder.php-fpm.conf.in @@ -0,0 +1,5 @@ +# Change the user and group of the default pool to the web server account +[www] + +user = @WEB_USER@ +group = @WEB_GROUP@ diff --git a/web/skins/classic/views/js/login.js.php b/web/skins/classic/views/js/login.js.php index e18fce8dc..1df69c5b4 100644 --- a/web/skins/classic/views/js/login.js.php +++ b/web/skins/classic/views/js/login.js.php @@ -1 +1 @@ -var failed = ; +var failed = ;