Last active
April 28, 2018 13:17
-
-
Save j0n3/15d22d5d124ea48da20143b08d9fb39d to your computer and use it in GitHub Desktop.
Revisions
-
j0n3 revised this gist
Apr 28, 2018 . 1 changed file with 2 additions and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -89,10 +89,10 @@ vi /etc/default/motion daemon on para iniciar el servicio automáticamente # nginx como proxy inverso con SSL Creamos el certificado autofirmado: ``` openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/ssl/certs/webcamstream.key -out /etc/ssl/certs/webcamstream.crt /etc/nginx/sites-available/webcam1 ``` Creamos el virtualhost de nginx: /etc/nginx/sites-available/webcam ``` -
Apr 28, 2018 . 1 changed file with 6 additions and 6 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -40,7 +40,7 @@ network={ Editamos /etc/network/interfaces ``` auto lo iface lo inet loopback @@ -53,7 +53,7 @@ iface wlan0 inet static address 192.168.0.220 netmask 255.255.255.0 gateway 192.168.0.1 ``` --- @@ -95,7 +95,7 @@ openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/ssl/certs/webc Creamos el virtualhost de nginx: /etc/nginx/sites-available/webcam ``` server { listen 80; return 301 https://$host$request_uri; @@ -119,12 +119,12 @@ location / { } } ``` Habilitamos el nuevo sitio: ``` ln -s /etc/nginx/sites-available/webcam /etc/nginx/sites-enabled ``` #IPCam Viewer Android -
Apr 28, 2018 . 1 changed file with 2 additions and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -22,7 +22,7 @@ Una vez grabada la imagen en la sd, antes de meterla en la raspberry, montamos l Editamos /etc/wpa_supplicant/wpa_supplicant.conf ``` ctrl_interface=/var/run/wpa_supplicant network={ ssid="RocketJump" @@ -36,7 +36,7 @@ network={ phase1="peapver=0" phase2="MSCHAPV2" } ``` Editamos /etc/network/interfaces -
Mar 29, 2017 . 1 changed file with 23 additions and 17 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,24 +1,26 @@ # Raspberry pi + motion + nginx + ssl (headless) - Crear una cámara de seguridad usando una raspberry pi 3 y una webcam # Características - Instalación headless (no se necesita teclado ni pantalla para hacer la instalación) - Visualización en tiempo real de la webcam (web, vlc, android ipcam) - Acceso con password - Detección de movimiento y grabación de eventos - nginx para SSL (openssl self signed) y proxy inverso - conexión a wifi + wpa enterprise radius - fail2ban? (pendiente de revisar) # Preparación de raspberry pi 3 - Bajar imagen de raspbian lite: https://www.raspberrypi.org/downloads/raspbian/ Una vez grabada la imagen en la sd, antes de meterla en la raspberry, montamos las particiones y: * touch ssh en partición boot para tener acceso por ssh (desactivado por defecto) * Configuramos wifi + radius Editamos /etc/wpa_supplicant/wpa_supplicant.conf ` ctrl_interface=/var/run/wpa_supplicant @@ -36,7 +38,7 @@ network={ } ` Editamos /etc/network/interfaces ` auto lo @@ -72,25 +74,27 @@ apt install motion nginx libjpeg62 ccze htop vim fail2ban openssl ` #Configuración de motion Editamos /etc/motion/motion.conf y configuramos al gusto - Daemon=on - Detección de movimiento - snapshot - video - local off - ... mirar todas las opciones, que están bastante claras... - poner passwords vi /etc/default/motion daemon on para iniciar el servicio automáticamente # nginx como proxy inverso con SSL Creamos el certificado autofirmado: openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/ssl/certs/webcamstream.key -out /etc/ssl/certs/webcamstream.crt /etc/nginx/sites-available/webcam1 Creamos el virtualhost de nginx: /etc/nginx/sites-available/webcam ` server { listen 80; @@ -116,10 +120,12 @@ location / { } ` Habilitamos el nuevo sitio: ` ln -s /etc/nginx/sites-available/webcam /etc/nginx/sites-enabled ` #IPCam Viewer Android - detectar cámara https -
Mar 20, 2017 . 1 changed file with 7 additions and 5 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -129,9 +129,11 @@ dhparam -out dhparam.pem 4096? TODO --- ##envío de imágenes - por email - telegram - ftp - owncloud ## Securización - Password de Nginx, no de motion para fail2ban? (alternativa https://wiki.zoneminder.com/Raspbian) -
Mar 19, 2017 . 1 changed file with 2 additions and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -60,6 +60,8 @@ Encender raspberry - passwd - sudo su - passwd - fs_resize - hostname - apt update && apt dist-upgrade -y -
Mar 18, 2017 . 1 changed file with 1 addition and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -86,8 +86,7 @@ vi /etc/default/motion daemon on para iniciar el servicio automáticamente en /etc/ssl/certs/ openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/ssl/certs/webcamstream.key -out /etc/ssl/certs/webcamstream.crt /etc/nginx/sites-available/webcam1 ` -
Mar 18, 2017 . 1 changed file with 2 additions and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -70,7 +70,7 @@ apt install motion nginx libjpeg62 ccze htop vim fail2ban openssl ` #Configuración de motion /etc/motion/motion.conf - Daemon=ON - Detección de movimiento @@ -80,7 +80,7 @@ apt install motion nginx libjpeg62 ccze htop vim fail2ban openssl - ... mirar todas las opciones... - poner passwords xP vi /etc/default/motion daemon on para iniciar el servicio automáticamente # nginx como proxy con SSL -
Mar 17, 2017 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -12,7 +12,7 @@ - conexión a wifi + wpa enterprise radius - fail2ban # Preparación de raspberry pi - Imagen de raspbian lite * touch ssh en partición boot para tener acceso por ssh (desactivado por defecto) -
Mar 17, 2017 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -8,7 +8,7 @@ - Visualización en tiempo real (web, vlc, android ipcam) - Acceso con password - Detección de movimiento y grabación de eventos - nginx para SSL (openssl self signed) y proxy - conexión a wifi + wpa enterprise radius - fail2ban -
Mar 17, 2017 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,136 @@ # Raspberry pi + motion + nginx + ssl (headless) - Crear una cámara de seguridad usando una raspberry pi y una webcam # Características - Instalación headless - Visualización en tiempo real (web, vlc, android ipcam) - Acceso con password - Detección de movimiento y grabación de eventos - nginx para SSL (openssl selfsigned) y proxy - conexión a wifi + wpa enterprise radius - fail2ban # Preparación de raspberry pi (headless) - Imagen de raspbian lite * touch ssh en partición boot para tener acceso por ssh (desactivado por defecto) * wifi + radius /etc/wpa_supplicant/wpa_supplicant.conf ` ctrl_interface=/var/run/wpa_supplicant network={ ssid="RocketJump" scan_ssid=1 key_mgmt=WPA-EAP pairwise=CCMP TKIP group=CCMP TKIP eap=PEAP identity="radiususer" password="radiuspassword" phase1="peapver=0" phase2="MSCHAPV2" } ` /etc/network/interfaces ` auto lo iface lo inet loopback iface eth0 inet manual allow-hotplug wlan0 iface wlan0 inet static pre-up wpa_supplicant -B -Dwext -i wlan0 -c/etc/wpa_supplicant/wpa_supplicant.conf post-down killall -q wpa_supplicant address 192.168.0.220 netmask 255.255.255.0 gateway 192.168.0.1 ` --- Encender raspberry --- - passwd - sudo su - hostname - apt update && apt dist-upgrade -y #Instalación de motion y demás cosas que usaré... ` apt install motion nginx libjpeg62 ccze htop vim fail2ban openssl ` #Configuración de motion /etc/motion... - Daemon=ON - Detección de movimiento - snapshot - video - local off - ... mirar todas las opciones... - poner passwords xP vi /etc/default/motion daemon on para iniciar el servicio automáticamente # nginx como proxy con SSL en /etc/ssl/certs/ openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/ssl/certs/webcamstream.key -out /etc/ssl/certs/webcamstream.key /etc/nginx/sites-available/webcam1 ` server { listen 80; return 301 https://$host$request_uri; } server { listen 4443; ssl on; ssl_certificate /etc/ssl/certs/webcamstream.crt; ssl_certificate_key /etc/ssl/certs/webcamstream.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://localhost:8081; proxy_read_timeout 90; } } ` ln -s /etc/nginx/sites-available/webcam /etc/nginx/sites-enabled ` dhparam -out dhparam.pem 4096? #IPCam Viewer Android - detectar cámara https - Motion detector notifier --- TODO --- ##envío de imágenes - por email - telegram - ftp - owncloud (alternativa https://wiki.zoneminder.com/Raspbian)