Streamer une caméra sur internet

J’avais des caméras raspberry pi. Toutes les minutes je prenais une photo et je la stockait pour ensuite l’afficher sur mon site internet. Ayant refait l’isolation de ma maison, je n’ai jamais pris la peine de les remettre, mais suite à la demande de plusieurs voisins qui appréciaient de venir sur mon site pour voir la situation à Montpreveyres, je me suis dirigé vers une nouvelle solution.

Installation de la caméra

J’ai acheté une caméra sur digitec à 80.- de très bonne qualité, la Reolink RLC-410W . J’ai mis sur mon routeur une ip statique. La caméra n’est pas ouverte sur l’extérieur.

Après l’avoir installée, j’ai cherché le lien RTSP:
rtsp://{user}:{password}@{ipdelacaméra}:554/h264Preview_01_main
Beaucoup de caméras ont un lien similaire!

On peut ouvrir ce lien RTSP par exemple dans VLC (media, open network stream). Mais le lien RTSP ne peut pas être vu directement dans un navigateur.

Installation d’un logiciel pour streamer la caméra sur un browser

Il y a un logiciel opensource permettant de voir une caméra sur un site internet (depuis un serveur linux): RTSPtoWeb. J’ai crée un nouvel utilisateur sur mon serveur et je lance ce programme depuis cet utilisateur. ( go run *.go ).

On peut rajouter différents flux sur {ipdevotreserveur}:8083 – ce port n’est pas ouvert sur l’extérieur! J’ai donc rajouté dessus mes différentes caméras.

Ouverture sur l’extérieur (sur https / sécurisé).

J’ai lié mon nom de domaine cam.nuage.ch à une ip dynamique correspondant à mon système à la maison (CNAME). J’ai aussi configuré mon routeur pour rediriger le port 80 (http) et 443 (https) sur ce système.

J’ai ensuite rajouté depuis apache2 (le serveur d’application que j’utilise) un proxy sur ce port.
Je demande un mot de passe sauf pour le stream de la caméra!

Dans /etc/apache2/sites-available/monsite.conf, j’ai mis:

<VirtualHost *:80>   
    ServerAdmin gabriel.klein@nuage.ch
    ServerName cam.nuage.ch

    <Location />
        AuthType Basic
        AuthName "Restricted Content"
        AuthUserFile /etc/apache2/htpasswd
        Require valid-user
        satisfy any
        deny from all
    </Location>

    <Location /stream/19c5065b-8904-4293-9fe3-87858b5c0a8d/channel/0/webrtc>
        Allow from All
        Satisfy Any
    </Location>

    <Location /stream/19c5065b-8904-4293-9fe3-87858b5c0a8d/channel/0/hls>
        Allow from All
        Satisfy Any
    </Location>

    ProxyRequests On
    ProxyPreserveHost on

    ProxyPass / http://localhost:8083/
    ProxyPassReverse / http://localhost:8083/


    ErrorLog /var/log/apache2/error-cam.nuage.ch.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog /var/log/apache2/access-cam.nuage.ch.log combined
<VirtualHost>

Remplacez 19c5065b-8904-4293-9fe3-87858b5c0a8d par votre propre identifiant de caméra!

Je redémarre mon serveur

/etc/init.d/apache2 reload).

Ensuite je sécurise mon serveur de caméra avec

certbot -tvv –apache -m gabriel.klein@nuage.ch –redirect –hsts –uir –reinstall -d cam.nuage.ch

Je peux maintenant accéder à mon flux vidéo depuis

https://cam.nuage.ch/stream/19c5065b-8904-4293-9fe3-87858b5c0a8d/channel/0/hls/live/index.m3u8

Rajouter ma caméra sur wordpress / mon site internet

J’ai essayé WebRtc, mais malheureusement pas compatible avec mon téléphone et certains navigateurs. Donc je me suis dirigé sur le format HLS.

J’ai rajouté dans ma page wordpress un block html.

<input type="hidden" name="hls-url" id="hls-url" value="https://cam.nuage.ch/stream/19c5065b-8904-4293-9fe3-87858b5c0a8d/channel/0/hls/live/index.m3u8">

<p><video id="wc-video" autoplay="" muted="" playsinline="" controls="" style="max-width: 100%; max-height: 100%;"></video></p>

<script>

      document.addEventListener('DOMContentLoaded', function () {
        const videoEl = document.querySelector('#wc-video')
        const hlsUrl = document.querySelector('#hls-url').value

        if (Hls.isSupported()) {
          const hls = new Hls()
          hls.loadSource(hlsUrl)
          hls.attachMedia(videoEl)
        } else if (video.canPlayType('application/vnd.apple.mpegurl')) {
          videoEl.src = hlsUrl
        }
      })


</script>
    <script src="https://cdn.jsdelivr.net/npm/hls.js@latest"></script>

Remplacez 19c5065b-8904-4293-9fe3-87858b5c0a8d par votre propre identifiant de caméra!

Et succès (après quand même plusieurs heures de recherche….).

J’espère que cet article va vous aider, même si il reste techniquement assez complexe.

Use your HP to scan on a nextcloud folder

The goal of this article is to explain how you can scan directly on your nextcloud solution.

In my home, I have a printer from HP that is connected to my network. One of the nice feature of this printer is to be able to scan a list of documents. You put the list of documents, scan, and voila – you have a nice PDF. It’s a very good way to archive documents!

I have a linux based computer that is used as a nextcloud / owncloud data storage and backup facility – my printer scan on this computer that contains a samba share.

Step 1: Configure nextcloud

You need to install nextcloud on this computer. It’s not the scope of this article to explain how to do it. My nextcloud installation is running with the user www-data.

You will need to install the “groupfolder” extension and create a shared folder “Scanner”. You can sync one of your personal folder too… but I use the scanner for my all family.

Let’s get the id of the group you have just created. Go in the nextcloud folder.

sudo -u www-data php -f occ groupfolders:list

You can modify files locally and run the following command to scan for changes. 1 is the id that was given just before.

sudo -u www-data php -f occ groupfolders:scan 1

You will need to know where this folder is stored. In my case it’s in “/home/cloud/data/__groupfolders/1/”.

Step 2: Configure samba

Now we need to create a guest samba share. It’s not in the scope of this article to explain how to install it. As a reminder samba is a way to share folder similar to \\192.168.1.10\MyDocuments.

In my /etc/samba/smb.conf, I have the following configuration.

[scanner]
comment = Scanner HP Printer
path = /home/cloud/data/__groupfolders/1/
read only = no
browsable = yes
public = yes
writable = yes
guest ok = yes
force user = www-data
force group = www-data

I restart samba (/etc/init.d/smbd restart) and configure my printer to scan in this folder. When I scan a document, now it should appear in /home/cloud/data/__groupfolders/1/.

Step 3, notify the changes to nextcloud

I installed inotify-tools.

I’ve created a small script called monitor-scan.sh (You will need to configure it based on your settings).

!/bin/bash

cd /home/cloud/nextcloud

while [ 1 ]
do
inotifywait -e attrib /home/cloud/data/__groupfolders/1/
sleep 5
php -f occ groupfolders:scan 1
done

This script will wait for an “attrib” notification in the folder that store the configurations. It’s a way to track that a document was uploaded by the printer.

When a notification occur, we launch a command to notify nextcloud that we have changed a file. The file then will appear in your nextcloud folder!

We have an infinite loop that do that again and again. Try to run the script (sudo -u www-data ./monitor-scan.sh) and verify what’s happening when you scan a document. It should appear in your web interface of nextcloud.

Now let’s start it when you start your computer.

Edit your cron, probably with

crontab -u www-data -e

You should have the first cron that was installed with nextcloud. Add the second cron (with the correct path).

*/5 * * * * php -f /home/cloud/nextcloud/cron.php
@reboot /home/cloud/monitor-scan.sh >>/tmp/scanner-monitor.log

Now restart your computer… and it everything is working you are done.

Use Let’s Encrypt to secure Linux servers for free

A SSL web certificate is a way to secure your website by encrypting the communication between you and the computer a server is running on and be (almost) sure that what you see was not modified. You see that a communication is encrypted when you have a “https://” at the beginning of a website.

As an example, my website is secured as you see in the URL.

Let’s Encrypt is a free certificate provider.

Why should you secure your site?

  • Because it’s free with Let’s Encrypt! It was very expensive a few years ago, but now you can get a good certificate for free.
  • Because your site looks more serious when running on https://
  • Because you care about your visitors.
  • Because it’s easy 🙂 setting a SSL certificate was really hard a few years ago.
  • Because you will get a higher ranking on Google and other search engines.

How to secure it if you are just paying a hosting provider?

If you don’t manage your domain (what most people do), many providers provide a let’s encrypt certificate for free with just a few clicks!

As an example

How to secure your domain if you have a VPS or dedicated server?

This tutorial will focus on debian / ubuntu using apache2.

The first step is to install a virtual host running on http (out of the scope of this article). You should be able to access your website using http://www.yourdomain.ch

You then need to install certbot and python3-certbot-apache.

apt-get install certbot python3-certbot-apache

You can then easily create a https version of your domain running.

sudo certbot -tvv --apache -m you@yourmail.com --redirect --hsts --uir --reinstall -d www.yourdomain.ch

If you have multiple alias of the same domain.

sudo certbot -tvv --apache -m you@yourmail.com --redirect --hsts --uir --reinstall -d www.yourdomain.ch -d yourdomain.ch

I highly suggest to keep different domains separated! Run the same command on all of them and don’t use alias for domains that have different purposes.

And restart apache using

sudo service apache2 restart

Now when you write http://www.yourdomain.ch, you should be automatically forwarded to https://www.yourdomain.ch

The certificate are only valid 3 months… but it’s a good thing 🙂 You need to have a script to renew the certificate automatically.

Test that the “renew command” is working correctly.

sudo certbot renew

You should see something like: Cert not yet due for renewal.

Add a cron to the user root and add a line to update the certificate. The certificate is updated only if needed!

sudo crontab -e
34 02 * * * (certbot renew; service apache2 restart) &>>/tmp/certbot.log

Now your certificate is (should) setup correctly, and you don’t have to care about it anymore.