zoneminder/distros/redhat/nginx
Andrew Bauer 9b46c92ac5 rpm pkg - add note to zm php-fpm config file 2018-11-15 09:19:26 -06:00
..
README.Fedora spelling 2018-11-04 17:14:46 -06:00
zoneminder.conf.in update nginx support on redhat 2018-11-04 17:11:19 -06:00
zoneminder.php-fpm.conf.in rpm pkg - add note to zm php-fpm config file 2018-11-15 09:19:26 -06:00
zoneminder.service.in rpm build tweaks based on rpmfusion feedback 2017-01-03 13:12:12 -06:00
zoneminder.tmpfiles.in update nginx support on redhat 2018-11-04 17:11:19 -06:00

README.Fedora

What's New
==========

1. See the ZoneMinder release notes for a list of new features:
   https://github.com/ZoneMinder/zoneminder/releases

2. The contents of the ZoneMinder Apache config file have changed. In
   addition, this ZoneMinder package now requires you to manually symlink the
   ZoneMinder Apache config file. See new install step 6 and upgrade step 3
   below for details.

3. This is an experimental build of ZoneMinder supporting nginx, rather than
   apache web server.

4. If you have installed ZoneMinder from the FedBerry repositories, this build
   of ZoneMinder has support for Raspberry Pi hardware acceleration when using
   ffmpeg. Unforunately, there is a problem with the same hardware acceleration
   when using libvlc. Consequently, libvlc support in this build of ZoneMinder
   has been disabled until the problem is resolved. See the following bug
   report for details: https://trac.videolan.org/vlc/ticket/18594
  
New installs
============

1. Unless you are already using MariaDB server, you need to ensure that the
   server is configured to start during boot and properly secured by running:

     sudo dnf install mariadb-server
     sudo systemctl enable mariadb
     sudo systemctl start  mariadb.service
     mysql_secure_installation

2. Assuming the database is local and using the password for the root account
   set during the previous step, you will need to create the ZoneMinder
   database and configure a database account for ZoneMinder to use:

     mysql -uroot -p < /usr/share/zoneminder/db/zm_create.sql
     mysql -uroot -p -e "grant all on zm.* to \
                        'zmuser'@localhost identified by 'zmpass';"
     mysqladmin -uroot -p reload

   The database account credentials, zmuser/zmpass, are arbitrary. Set them to
   anything that suits your environment.

3. If you have chosen to change the zoneminder database account credentials to
   something other than zmuser/zmpass, you must now create a config file under
   /etc/zm/conf.d and set your credentials there. For example, create the file
   /etc/zm/conf.d/zm-db-user.conf and add the following content to it:
      
     ZM_DB_USER = {username of the sql account you want to use}
     ZM_DB_PASS = {password of the sql account you want to use}

   Once the file has been saved, set proper file & ownership permissions on it:
  
     sudo chown root:apache *.conf
     sudo chmod 640 *.conf     

4. Edit /etc/php.ini, uncomment the date.timezone line, and add your local
   timezone.  PHP will complain loudly if this is not set, or if it is set
   incorrectly, and these complaints will show up in the zoneminder logging
   system as errors.

   If you are not sure of the proper timezone specification to use, look at
   http://php.net/date.timezone

5. Disable SELinux 

   We currently do not have the resources to create and maintain an accurate
   SELinux policy for ZoneMinder on Fedora. We will gladly accept pull
   reqeusts from anyone who wishes to do the work. In the meantime, SELinux
   will need to be disabled or put into permissive mode.
   
   To immediately disbale SELinux for the current seesion, issue the following
   from the command line:

     sudo setenforce 0

   To permanently disable SELinux, edit /etc/selinux/config and change the
   SELINUX line from "enforcing" to "disabled". This change will take
   effect after a reboot.

6. Configure the web server

   This package uses the HTTPS protocol by default to access the web portal,
   using the default self signed certificate on your system. Requests using
   HTTP will auto-redirect to HTTPS. 

   Inspect the web server configuration file and verify it meets your needs:

     /etc/zm/www/zoneminder.conf

   If you are running other web enabled services then you may need to edit
   this file to suite. See README.https to learn about other alternatives. 

   When in doubt, proceed with the default:

     sudo ln -s /etc/zm/www/zoneminder.conf /etc/nginx/default.d/

7. Fcgiwrap is required when using ZoneMinder with Nginx. At the time of this
   writing, fcgiwrap is not yet available in the Fedora repos. Until it
   becomes available, you may install it from my Copr repository:

      https://copr.fedorainfracloud.org/coprs/kni/fcgiwrap/

   Follow the intructions on that site to enable the repo. Once enabled, 
   install fcgiwrap:

      sudo dnf install fcgiwrap

   After fcgiwrap is installed, it must be configured. Edit 
   /etc/sysconfig/fcgiwrap and set DAEMON_PROCS to the maximum number of
   simulatneous streams the server should support. Generally, a good minimum 
   value for this equals the total number of cameras you expect to view at the
   same time.

8. Now start the web server:

     sudo systemctl enable nginx
     sudo systemctl start nginx

9. Now start zoneminder:

     sudo systemctl enable zoneminder
     sudo systemctl start zoneminder

10. Optionally configure the firewall

   All Redhat distros ship with the firewall enabled. That means you will not
   be able to access the ZoneMinder web console from a remote machine until
   changes are made to the firewall.

   What follows are a set of minimal commands to allow remote access to the
   ZoneMinder web console and also allow ZoneMinder's ONVIF discovery to
   work. The following commands do not put any restrictions on which remote
   machine(s) have access to the listed ports or services.

     sudo firewall-cmd --permanent --zone=public --add-service=http
     sudo firewall-cmd --permanent --zone=public --add-service=https
     sudo firewall-cmd --permanent --zone=public --add-port=3702/udp
     sudo firewall-cmd --reload

   Additional changes to the firewall may be required, depending on your
   security requirements and how you use the system. It is up to you to verify
   these commands are sufficient.

11. Access the ZoneMinder web console

   You may now access the ZoneMinder web console from your web browser using
   an appropriate url. Here are some examples:

     http://localhost/zm (works from the local machine only)
     http://{machine name}/zm (works only if dns is configured for your network)
     http://{ip address}/zm

Upgrades
========

1. Conf.d folder support has been added to ZoneMinder. Any custom
   changes previously made to zm.conf must now be made in one or more custom
   config files, created under the conf.d folder. Do this now. See 
   /etc/zm/conf.d/README for details. Once you recreate any custom config changes
   under the conf.d folder, they will remain in place indefinitely.

2. Verify permissions of the zmuser account.

   Over time, the database account permissions required for normal operation
   have increased. Verify the zmuser database account has been granted all
   permission to the ZoneMinder database:

     mysql -uroot -p -e "show grants for zmuser@localhost;"

   See step 2 of the Installation section to add missing permissions.
   
3. Verify the ZoneMinder Nginx configuration file in the folder 
   /etc/zm/www. You will have a file called "zoneminder.conf" and there
   may also be a file called "zoneminder.conf.rpmnew". If the rpmnew file
   exists, inspect it and merge anything new in that file with zoneminder.conf.
   Verify the SSL REquirements meet your needs. Read README.https if necessary.

   The contents of this file must be merged into your Nginx configuration.
   See step 6 of the installation section if you have not already done this
   during a previous upgrade.

4. Upgrade the database before starting ZoneMinder.

   Most upgrades can be performed by executing the following command:
   
     sudo zmupdate.pl

   Recent versions of ZoneMinder don't require any parameters added to the 
   zmupdate command. However, if ZoneMinder complains, you may need to call
   zmupdate in the following manner:

   sudo zmupdate.pl --user=root --pass=<mysql_root_pwd> --version=<from version>

5. Now restart nginx and php-fpm then start and zoneminder:

	sudo systemctl restart nginx
	sudo systemctl restart php-fpm
	sudo systemctl start zoneminder