Merge pull request #2293 from knight-of-ni/rpm-nginx

update nginx support on redhat
This commit is contained in:
Andrew Bauer 2018-11-04 17:13:11 -06:00 committed by GitHub
commit e6e7069ec0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 118 additions and 72 deletions

View File

@ -1,39 +1,34 @@
What's New
==========
1. This is an *experimental* build of zoneminder which uses the
nginx web server.
1. See the ZoneMinder release notes for a list of new features:
https://github.com/ZoneMinder/zoneminder/releases
2. The Apache ScriptAlias has been changed from "/cgi-bin/zm/zms" to
"/cgi-bin-zm/zms". This has been to done to avoid this bug:
https://bugzilla.redhat.com/show_bug.cgi?id=973067
2. The contents of the ZoneMinder Apache config file have changed. In
addition, this ZoneMinder package now requires you to manually symlink the
ZoneMinder Apache config file. See new install step 6 and upgrade step 3
below for details.
IMPORTANT: You must manually inspect the value for PATH_ZMS under Options
and verify it is set to "/cgi-bin-zm/nph-zms". Failure to do so will result
in a broken system. You have been warned.
3. Due to the active state of the ZoneMinder project, we now recommend granting
ALL permission to the ZoneMinder mysql account. This change must be done
manually before ZoneMinder will run. See the installation steps below.
4. This package uses the HTTPS protocol by default to access the web portal.
Requests using HTTP will auto-redirect to HTTPS. See README.https for
more information.
5. This package ships with the new ZoneMinder API enabled.
3. This is an experimental build of ZoneMinder supporting nginx, rather than
apache web server.
4. If you have installed ZoneMinder from the FedBerry repositories, this build
of ZoneMinder has support for Raspberry Pi hardware acceleration when using
ffmpeg. Unforunately, there is a problem with the same hardware acceleration
when using libvlc. Consequently, libvlc support in thie build of ZoneMinder
has been disabled until the problem is resolved. See the following bug
report for details: https://trac.videolan.org/vlc/ticket/18594
New installs
============
1. This package supports either community-mysql-server or mariadb-server with
mariadb being the preferred choice. Unless you are already using MariaDB or
Mysql server, you need to ensure that the server is configured to start
during boot and properly secured by running:
1. Unless you are already using MariaDB server, you need to ensure that the
server is configured to start during boot and properly secured by running:
sudo dnf install mariadb-server
sudo systemctl enable mariadb
sudo systemctl start mariadb.service
mysql_secure_installation
sudo dnf install mariadb-server
sudo systemctl enable mariadb
sudo systemctl start mariadb.service
mysql_secure_installation
2. Assuming the database is local and using the password for the root account
set during the previous step, you will need to create the ZoneMinder
@ -48,13 +43,17 @@ New installs
anything that suits your environment.
3. If you have chosen to change the zoneminder database account credentials to
something other than zmuser/zmpass, you must now edit /etc/zm/zm.conf.
Change ZM_DB_USER and ZM_DB_PASS to the values you created in the previous
step.
something other than zmuser/zmpass, you must now create a config file under
/etc/zm/conf.d and set your credentials there. For example, create the file
/etc/zm/conf.d/zm-db-user.conf and add the following content to it:
ZM_DB_USER = {username of the sql account you want to use}
ZM_DB_PASS = {password of the sql account you want to use}
This version of zoneminder no longer requires you to make a similar change
to the credentials in /usr/share/zoneminder/www/api/app/Config/database.php
This now happens dynamically. Do *not* make any changes to this file.
Once the file has been saved, set proper file & ownership permissions on it:
sudo chown root:apache *.conf
sudo chmod 640 *.conf
4. Edit /etc/php.ini, uncomment the date.timezone line, and add your local
timezone. PHP will complain loudly if this is not set, or if it is set
@ -80,54 +79,87 @@ New installs
SELINUX line from "enforcing" to "disabled". This change will take
effect after a reboot.
6. This package comes preconfigured for HTTPS using the default self signed
certificate on your system. We recommend you keep this configuration.
6. Configure the web server
If this does not meet your needs, then read README.https to
learn about alternatives.
This package uses the HTTPS protocol by default to access the web portal,
using the default self signed certificate on your system. Requests using
HTTP will auto-redirect to HTTPS.
7. Edit /etc/sysconfig/fcgiwrap and set DAEMON_PROCS to the maximum number of
Inspect the web server configuration file and verify it meets your needs:
/etc/zm/www/zoneminder.conf
If you are running other web enabled services then you may need to edit
this file to suite. See README.https to learn about other alternatives.
When in doubt, proceed with the default:
sudo ln -s /etc/zm/www/zoneminder.conf /etc/nginx/default.d/
7. Fcgiwrap is required when using ZoneMinder with Nginx. At the time of this
writing, fcgiwrap is not yet available in the Fedora repos. Until it
becomes available, you may install it from my Copr repository:
https://copr.fedorainfracloud.org/coprs/kni/fcgiwrap/
Follow the intructions on that site to enable the repo. Once enabled,
install fcgiwrap:
sudo dnf install fcgiwrap
After fcgiwrap is installed, it must be configured. Edit
/etc/sysconfig/fcgiwrap and set DAEMON_PROCS to the maximum number of
simulatneous streams the server should support. Generally, a good minimum
value for this equals the total number of cameras you expect to view at the
same time.
8. Now start the web server:
sudo systemctl enable nginx
sudo systemctl start nginx
sudo systemctl enable nginx
sudo systemctl start nginx
9. Now start zoneminder:
sudo systemctl enable zoneminder
sudo systemctl start zoneminder
sudo systemctl enable zoneminder
sudo systemctl start zoneminder
10.The Fedora repos have a ZoneMinder package available, but it does not
support ffmpeg or libvlc, which many modern IP cameras require. Most users
will want to prevent the ZoneMinder package in the Fedora repos from
overwriting the ZoneMinder package in zmrepo, during a future dnf update. To
prevent that from happening you must edit /etc/yum.repos.d/fedora.repo
and /etc/yum.repos.d/fedora-updates.repo. Add the line "exclude=zoneminder*"
without the quotes under the [fedora] and [fedora-updates] blocks,
respectively.
10. Optionally configure the firewall
All Redhat distros ship with the firewall enabled. That means you will not
be able to access the ZoneMinder web console from a remote machine until
changes are made to the firewall.
What follows are a set of minimal commands to allow remote access to the
ZoneMinder web console and also allow ZoneMinder's ONVIF discovery to
work. The following commands do not put any restrictions on which remote
machine(s) have access to the listed ports or services.
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --permanent --zone=public --add-port=3702/udp
sudo firewall-cmd --reload
Additional changes to the firewall may be required, depending on your
security requirements and how you use the system. It is up to you to verify
these commands are sufficient.
11. Access the ZoneMinder web console
You may now access the ZoneMinder web console from your web browser using
an appropriate url. Here are some examples:
http://localhost/zm (works from the local machine only)
http://{machine name}/zm (works only if dns is configured for your network)
http://{ip address}/zm
Upgrades
========
1. Verify /etc/zm/zm.conf.
If zm.conf was manually edited before running the upgrade, the installation
may not overwrite it. In this case, it will create the file
/etc/zm/zm.conf.rpmnew.
For example, this will happen if you are using database account credentials
other than zmuser/zmpass.
Compare /etc/zm/zm.conf to /etc/zm/zm.conf.rpmnew. Verify that zm.conf
contains any new config settings that may be in zm.conf.rpmnew.
This version of zoneminder no longer requires you to make a similar change
to the credentials in /usr/share/zoneminder/www/api/app/Config/database.php
This now happens dynamically. Do *not* make any changes to this file.
1. Conf.d folder support has been added to ZoneMinder. Any custom
changes previously made to zm.conf must now be made in one or more custom
config files, created under the conf.d folder. Do this now. See
/etc/zm/conf.d/README for details. Once you recreate any custom config changes
under the conf.d folder, they will remain in place indefinitely.
2. Verify permissions of the zmuser account.
@ -139,12 +171,16 @@ Upgrades
See step 2 of the Installation section to add missing permissions.
3. Verify the ZoneMinder Apache configuration file in the folder
/etc/httpd/conf.d. You will have a file called "zoneminder.conf" and there
3. Verify the ZoneMinder Nginx configuration file in the folder
/etc/zm/www. You will have a file called "zoneminder.conf" and there
may also be a file called "zoneminder.conf.rpmnew". If the rpmnew file
exists, inspect it and merge anything new in that file with zoneminder.conf.
Verify the SSL REquirements meet your needs. Read README.https if necessary.
The contents of this file must be merged into your Nginx configuration.
See step 6 of the installation section if you have not already done this
during a previous upgrade.
4. Upgrade the database before starting ZoneMinder.
Most upgrades can be performed by executing the following command:

View File

@ -22,6 +22,10 @@ location /cgi-bin-zm {
fastcgi_pass unix:/run/fcgiwrap.sock;
}
location /zm/cache {
alias "@ZM_CACHEDIR@";
}
location /zm {
gzip off;
alias "@ZM_WEBDIR@";

View File

@ -1,10 +1,12 @@
# Change the user and group of the default pool to the web server account
; Change the user and group of the default pool to the web server account
[www]
user = @WEB_USER@
group = @WEB_GROUP@
# Uncomment these on machines with little memory
#pm = ondemand
#pm.max_children = 10
#pm.process_idle_timeout = 10s
; These parameters are typically a tradoff between performance and memory
; consumption. See the contents of www.conf for details.
pm = ondemand
pm.max_children = 50
pm.process_idle_timeout = 10s

View File

@ -1,5 +1,8 @@
D @ZM_TMPDIR@ 0755 @WEB_USER@ @WEB_GROUP@
D @ZM_SOCKDIR@ 0755 @WEB_USER@ @WEB_GROUP@
D @ZM_CACHEDIR@ 0755 @WEB_USER@ @WEB_GROUP@
d @ZM_DIR_EVENTS@ 0755 @WEB_USER@ @WEB_GROUP@
D @ZM_DIR_IMAGES@ 0755 @WEB_USER@ @WEB_GROUP@
D /var/lib/php/session 770 root @WEB_GROUP@
D /var/lib/php/wsdlcache 770 root @WEB_GROUP@

View File

@ -84,7 +84,8 @@ BuildRequires: libmp4v2-devel
BuildRequires: x264-devel
%{?with_nginx:Requires: nginx}
%{?with_nginx:Requires: fcgiwrap}
# Enable only after fcgiwrap is in Fedora repos
#%{?with_nginx:Requires: fcgiwrap}
%{?with_nginx:Requires: php-fpm}
%{!?with_nginx:Requires: httpd}
%{!?with_nginx:Requires: php}