HOWTO: Installing ZoneMinder in a FreeNAS 11 Jail

bollar

Patron
Joined
Oct 28, 2012
Messages
411

joebad1

Explorer
Joined
Nov 21, 2015
Messages
58
In addition to @danb35 's answer, putting the data outside the jail allows you to set a quota and reserved space for the dataset and will allow ZoneMinder's auto file delete function to work within space less than the entire pool. That seems important for this application, since it's constantly recording to the pool.

Thanks for the insight. I'm still playing with ZM in the jail. However, the API directories don't seem to load properly (or maybe the FreeBSD set-up is different, and I just can't find them!).

Anyway, I also have ZM up and running in an Ubuntu VM. I connected a spare 1 TB external USB hard drive I had sitting in the corner and mounted the images and events directories as NFS shares in the VM. So far, so good. Added bonus: The API's work perfectly, and ZMNinja connects without problems.

I'd love to get ZM working in a jail. To my less experienced brain, it seems like it would be a more efficient use of resources than spinning up Ubuntu in a VM. I've been working on getting the API's running in the jail for a few days without success. I'm going to continue to peruse the forums to see if anyone else has success.
 
Last edited:

joebad1

Explorer
Joined
Nov 21, 2015
Messages
58
This thread looks helpful: https://forums.zoneminder.com/viewtopic.php?t=26131

I'll look into it as well.

I saw this thread, but it's a bit above my pay grade. I'm really good at following directions, moving around directories and typing what I'm told to type. But, "installing the binary version of pecl-APCu4" is not enough for me to go on!!!

I'll keep digging, though. Because I enjoy learning this "stuff". Let me know if you have success!
 

brooktini86

Cadet
Joined
Feb 20, 2018
Messages
4
I saw this thread, but it's a bit above my pay grade. I'm really good at following directions, moving around directories and typing what I'm told to type. But, "installing the binary version of pecl-APCu4" is not enough for me to go on!!!

I'll keep digging, though. Because I enjoy learning this "stuff". Let me know if you have success!

Did you get any further on this?

I cannot get the API to work.

I've tried on NGINX and it just complains about the cgi-bin folder and with Apache it complains about API.
 

joebad1

Explorer
Joined
Nov 21, 2015
Messages
58
Did you get any further on this?

I cannot get the API to work.

I've tried on NGINX and it just complains about the cgi-bin folder and with Apache it complains about API.
Unfortunately, no. I’m currently running ZoneMinder in a VM running Ubuntu. I couldn’t get the API’s to work in a standard jail. Everything works beautifully in the VM.
 

joebad1

Explorer
Joined
Nov 21, 2015
Messages
58
Did you get any further on this?

I cannot get the API to work.

I've tried on NGINX and it just complains about the cgi-bin folder and with Apache it complains about API.
I’m sitting on a plane waiting for takeoff, so I don’t have access to my server, but I do remember that I had to remove the forward slash in front of the cgi-bin path definition found under their ZM Paths tab to get everything to work nicely.
 

cgiff

Cadet
Joined
May 14, 2018
Messages
3
I followed along 100% twice now.
The first time I thought I might have missed something. But I get the same error message on the Ip Address.
When I goto the IP address I get a
Code:
Could not open config file.
Message and thats all thats on the page.
Like I said I reinstalled on two different Jails in case I messed something up...

# nano /usr/local/etc # nano apache24/httpd.conf
Also This command Confused me quite a bit, I'm wondering if you meant:
# nano /usr/local/etc/apache24/httpd.conf
After running the command as you have it in the tutorial it just opens three non existent text files in nano.

Also on both of my installs the command:
service mysql-server start
returned saying that I have to add it to the rc.conf before I can restart the service. I ended up adding it to make it restart the service.

Also Last point, You might want to mention somewhere in your tutorial that the package "mysql56-server" doesnt have a root password so just hitting enter will suffice because anyone new to mysql (like myself) will not know how to proceed from the commands:
mysql -uroot -p < /usr/local/share/zoneminder/db/zm_create.sql And
mysql -uroot -p -e "grant select,insert,update,delete,create,alter,index,lock tables on zm.* to 'zmuser'@localhost identified by 'zmpass';"

Thank you @francelife23 for the detailed write up, If I get this running you will save my day.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,460
Also This command Confused me quite a bit, I'm wondering if you meant:
# nano /usr/local/etc/apache24/httpd.conf
The command as you quoted it indicated the user was in the /usr/local/etc/ directory at the time the command was issued, which would be equivalent to what you did.
 

joebad1

Explorer
Joined
Nov 21, 2015
Messages
58

cgiff

Cadet
Joined
May 14, 2018
Messages
3
Thank you @danb35 for clarifying that for me! But upon further inspection I believe the error Im getting is caused by apache and not zoneminder itself. I amended the codes verbatim into the httpd.conf file.
 

Amsoil_Jim

Contributor
Joined
Feb 22, 2016
Messages
175
So I just followed the steps and got to this one
Code:
  • In a browser, go to the ZM jail’s IP address, you should get to the ZM main page – hooray! If not, review the above steps and troubleshoot as necessary.

and when I go to the jail's IP it returns
Code:
Could not open config file

did I mis something here? I saw one other comment mentioning this result but didn't see any suggestions on a remedy.

Edit: Never mind... I guess I missed the try chmod 744 if permission denied
 
Last edited:

PPete27

Cadet
Joined
Jul 2, 2018
Messages
2
Having a problem viewing the live stream. Seems to be recording fine.

Socket /var/run/zm/zms-804575s.sock does not exist. This file is created by zms, and since it does not exist, either zms did not run, or zms exited early. Please check your zms logs and ensure that CGI is enabled in apache and check that the PATH_ZMS is set correctly.

Any advice?

EDIT: I found the solution:

In /usr/local/etc/apache24/httpd.conf you need to find the lines

Code:
<IfModule mpm_prefork_module>
		#LoadModule cgi_module libexec/apache24/mod_cgi.so
</IfModule>


And remove the #.

Then
Code:
service apache24 restart


I now have live video feed.
I was having the same problem, spent 2 days trying to figure out a solution, finally found out that when I ran
"apachectl -M | grep cgi” I didn't get any CGI modules back, showing it wasn't loaded. After enabling them in my http.conf and coming back here to share my newfound knowledge, I found your post :p Guess I should read a few more comments down next time :) Thanks for sharing!

I used https://httpd.apache.org/docs/2.4/howto/cgi.html to help troubleshoot that further.
 
Last edited:
Joined
May 9, 2017
Messages
11
Nice post! We had ZoneMinder running on Ubuntu 16.04, but we ended up preferring CentOS (both of which running in bhyve VM's on FreeNas). We don't use jails, but this is a nice thing to consider at some point, thanks a lot!
 

Volte

Dabbler
Joined
Feb 11, 2016
Messages
19
Hmmm. I was excited when I found the post about enabling the CGI Module. I've done that, restarted the various services, and even restarted the entire jail. Doesn't seem to be working still.

Code:
$ apachectl -M | grep cgi
cgi_module (shared)

I'm still getting these two errors. I've included an INFO message to show that I'm getting data from my camera.

Code:
2018-07-14 18:47:42.709973 zmc_m2 102340 INF IPD-E17T08: 5000 - Capturing at 14.93 fps zm_monitor.cpp 3125
2018-07-14 18:47:35.541476 web_js 5176 ERR getStreamCmdResponse stream error: Socket /var/run/zm/zms-475533s.sock does not exist. This file is created by zms, and since it does not exist, either zms did not run, or zms exited early. Please check your zms logs and ensure that CGI is enabled in apache and check that the PATH_ZMS is set correctly. Make sure that ZM is actually recording. If you are trying to view a live stream and the capture process (zmc) is not running then zms will exit. Please go to http://zoneminder.readthedocs.io/en/latest/faq.html#why-can-t-i-see-streamed-images-when-i-can-see-stills-in-the-zone-window-etc for more information. - checkStreamForErrors() ?view=watch
2018-07-14 18:47:35.469921 web_php 5144 ERR Socket /var/run/zm/zms-475533s.sock does not exist. This file is created by zms, and since it does not exist, either zms did not run, or zms exited early. Please check your zms logs and ensure that CGI is enabled in apache and check that the PATH_ZMS is set correctly. Make sure that ZM is actually recording. If you are trying to view a live stream and the capture process (zmc) is not running then zms will exit. Please go to http://zoneminder.readthedocs.io/en/latest/faq.html#why-can-t-i-see-streamed-images-when-i-can-see-stills-in-the-zone-window-etc for more information. includes/functions.php 2033

Anyone have any ideas? I've set my CGI path correctly too.

EDIT:
Just kidding. I had changed my CGI path to absolute in a previous iteration in an attempt to get it working. I'm now getting a feed! I'll leave the post here for posterity.
 

hellothere

Cadet
Joined
Nov 12, 2016
Messages
1
I got my API's working by doing this:

Enable Apache URL rewrite

Open the Apache conf file nano /usr/local/etc/apache24/httpd.conf

Find this line and uncomment it #LoadModule rewrite_module libexec/apache2/mod_rewrite.so

Configure URL rewrite
Edit these three files
nano /usr/local/www/zoneminder/api/.htaccess
nano /usr/local/www/zoneminder/api/app/.htaccess
nano /usr/local/www/zoneminder/api/app/webroot/.htaccess


Change the RewriteBase to /api for all three
Code:
IfModule mod_rewrite.c>
   RewriteEngine on
   RewriteRule ^$ app/webroot/ [L]
   RewriteRule (.*) app/webroot/$1 [L]
   RewriteBase /zm/api
</IfModule>


Your API should be accessible at http://server/api/
 

pmgmr2

Cadet
Joined
Jul 25, 2012
Messages
8
Thank you for the wonderful guide! Unfortunately, once I get to this step:

# nano /usr/local/etc # nano apache24/httpd.conf

nano opens, but says "Directory apache24 does not exist"

...which is weird, because I verified that apache was running, as it says in the previous step. Does anyone know what's going on?
 

rogerh

Guru
Joined
Apr 18, 2014
Messages
1,111
The less that's stored inside the jail, the easier it is to rebuild the jail if necessary. If you look at some of the recent how-to documents for iocage jails (e.g., https://forums.freenas.org/index.ph...unifi-controller-with-lets-encrypt-iocage.81/ or https://forums.freenas.org/index.php?resources/fn11-jailed-crashplan-pro-with-vnc-iocage.79/), they're even putting the config files outside of the jail, so that the only thing stored in the jail itself is the actual software. That means you can destroy the jail and rebuild it with the latest software, even upgrading the underlying OS template, without disturbing your data or configuration.

There's also the fact that some users (like me) put jails on a separate, smaller (sometimes SSD) pool, and wouldn't want the large amount of data taking space on the smaller pool.
Another reason, not so much with Zonefinder, is that you may want your data accessible to other jails or other machines on the network. This particularly applies to media files. Since FreeNAS already has tested sharing mechanisms it seems easier to do this in a dataset accessible to FreeNAS than try to share the files directly from a jail.
 

swcrawford

Cadet
Joined
Sep 21, 2018
Messages
1
****Edit to add - I have the ZM page working. I had to substitute mod_php71 and php71-mysqli in the pkg install command in step 2C.

I followed the instructions in the original post without incident but I seem to be having a problem with extensions loading. in my httpd-error.log I get:


PHP Warning: PHP Startup: Unable to load dynamic library '/usr/local/lib/php/20131226/pdo.so' - Cannot open &quot;/usr/local/lib/php/20131226/pdo.so&quot; in Unknown on line 0
PHP Warning: PHP Startup: Unable to load dynamic library '/usr/local/lib/php/20131226/sockets.so' - Cannot open &quot;/usr/local/lib/php/20131226/sockets.so&quot; in Unknown on line 0
PHP Warning: PHP Startup: Unable to load dynamic library '/usr/local/lib/php/20131226/pdo_mysql.so' - Cannot open &quot;/usr/local/lib/php/20131226/pdo_mysql.so&quot; in Unknown on line 0


when I start / restart the apache server. And:


[Fri Sep 21 08:49:19.646446 2018] [:error] [pid 56782] [client 192.168.0.124:50791] PHP Fatal error: Class 'PDO' not found in /usr/local/www/zoneminder/includes/database.php on line 46


when I try to browse to the the IP address of the jail in the browser. I feel like this has to be a simple config issue as my extensions directory appears to be:

usr/local/lib/php/20160303/ and not /usr/local/lib/php/20131226/

But I'm afraid I just don't know enough to track it down and google searches have been more confusing than helpful.
 
Last edited:

izomiac

Dabbler
Joined
May 3, 2018
Messages
19
Ok, so I've played around with this quite a bit today, especially after learning that cloning an iocage then deleting the original has a very unpleasant side effect that I wasn't expecting. As such, I figured I'd post my shell history and final config files since there are a good half-dozen gotchas with the current version of Zoneminder inside a FreeNAS 11.2 jail. I used the Zoneminder-h264 package. The newest version of Zoneminder that came out a couple weeks ago incorporates & improves on the h264 patch, but the BSD package is like 2 - 3 major revisions behind. I was able to get the Debian package mostly installed, but it was more trouble that I cared for to fix all the path inconsistencies to get it running.

Code:
jls
# See what JID the Zoneminder jail is using, 35 in my case
jexec 35 /bin/tcsh
# Now we're in the jail.  iocage also has a console feature, but it doesn't
# work well with nano or vi.  At least for me, YMMV.
pkg update -f
pkg install apache24
sysrc apache24_enable=yes
service apache24 start
service apache24 stop
pkg install mysql56-server
service mysql-server start
sysrc mysql_enable=yes
service mysql-server start
mysql
service mysql-server stop
nano /usr/local/my.cnf
# Change the default of:
# sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES
# to just:
# sql_mode=NO_ENGINE_SUBSTITUTION
service mysql-server start
mysql_secure_installation
sockstat -4
# The MySQL server is publically accessible, so that needs to be fixed
sysrc mysql_args="--bind-address=127.0.0.1"
service mysql-server restart
sockstat -4
nano /usr/local/etc/apache24/httpd.conf
pkg install zoneminder-h264
nano /usr/local/etc/php-fpm.conf
# I forget what I changed exactly here, it was in the install instructions
# that appeared after zoneminder was installed.  Might not even be necessary
# since I used apache24 rather than nginx.
nano /usr/local/etc/php/ext-40-timezone.ini
# I added a line for PHP to give it the correct timezone
mysql -u root -p
# I created the databases and such, see the original post on this thread
mysql -u root -p zm < /usr/local/share/zoneminder/db/zm_create.sql
sysrc zoneminder_enable="YES"
service zoneminder start
service apache24 start
service apache24 stop
nano /usr/local/etc/apache24/Includes/httpd-vhosts.conf
# I put the virtual httpd server configuration here.
service apache24 restart
chmod 744 /usr/local/etc/zm.conf
cat /etc/passwd
chown mysql:mysql /usr/local/my.cnf
# MySQL will chmod my.cnf every time it runs, so you have to chown instead.
nano /usr/local/etc/apache24/httpd.conf
# I uncommented the lines that load the CGI modules
service apache24 restart
service mysql-server restart
service zoneminder restart
nano /usr/local/etc/apache24/Includes/php.conf
# I put the PHP specific httpd server config here
# I also ran into some trouble with PHP, turns out the zoneminder package
# specifically depends on php71.  If you install php56 or php72 it's a mess.
# I had to debug quite a bit here, so my apologies if I've omitted anything.
pkg install php71-pdo-mysql
pkg install php71-mysqli
pkg install mod_php71
pkg install php71-mysql
pkg install php71-mysqli
service apache24 restart
service zoneminder restart

# At this point zoneminder was pretty much working for me.
# In the web interface update your paths for where everything is stored.
# If you mount a ZFS dataset then make sure it's in the web root or has
# a symbolic link, the Zoneminder web interface requires it to be accessible.

# The following are my final config files on my setup with comments stripped.

################################################################################

root@Zoneminder:/ # cat /usr/local/my.cnf
[mysqld]
sql_mode=NO_ENGINE_SUBSTITUTION

################################################################################

root@Zoneminder:/ # cat /usr/local/etc/apache24/httpd.conf
ServerRoot "/usr/local"
Listen 80
LoadModule mpm_prefork_module libexec/apache24/mod_mpm_prefork.so
LoadModule authn_file_module libexec/apache24/mod_authn_file.so
LoadModule authn_core_module libexec/apache24/mod_authn_core.so
LoadModule authz_host_module libexec/apache24/mod_authz_host.so
LoadModule authz_groupfile_module libexec/apache24/mod_authz_groupfile.so
LoadModule authz_user_module libexec/apache24/mod_authz_user.so
LoadModule authz_core_module libexec/apache24/mod_authz_core.so
LoadModule access_compat_module libexec/apache24/mod_access_compat.so
LoadModule auth_basic_module libexec/apache24/mod_auth_basic.so
LoadModule reqtimeout_module libexec/apache24/mod_reqtimeout.so
LoadModule filter_module libexec/apache24/mod_filter.so
LoadModule mime_module libexec/apache24/mod_mime.so
LoadModule log_config_module libexec/apache24/mod_log_config.so
LoadModule env_module libexec/apache24/mod_env.so
LoadModule headers_module libexec/apache24/mod_headers.so
LoadModule setenvif_module libexec/apache24/mod_setenvif.so
LoadModule version_module libexec/apache24/mod_version.so
LoadModule unixd_module libexec/apache24/mod_unixd.so
LoadModule status_module libexec/apache24/mod_status.so
LoadModule autoindex_module libexec/apache24/mod_autoindex.so
<IfModule !mpm_prefork_module>
		LoadModule cgid_module libexec/apache24/mod_cgid.so
</IfModule>
<IfModule mpm_prefork_module>
		LoadModule cgi_module libexec/apache24/mod_cgi.so
</IfModule>
LoadModule dir_module libexec/apache24/mod_dir.so
LoadModule alias_module libexec/apache24/mod_alias.so
LoadModule php7_module		libexec/apache24/libphp7.so
IncludeOptional etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf
<IfModule unixd_module>
User www
Group www
</IfModule>
<Directory />
	AllowOverride none
	Require all denied
</Directory>
DocumentRoot "/usr/local/www/apache24/data"
<Directory "/usr/local/www/apache24/data">
	Options Indexes FollowSymLinks
	AllowOverride None
	Require all granted
</Directory>
<IfModule dir_module>
	DirectoryIndex index.html
</IfModule>
<Files ".ht*">
	Require all denied
</Files>
ErrorLog "/var/log/httpd-error.log"
LogLevel warn
<IfModule log_config_module>
	LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
	LogFormat "%h %l %u %t \"%r\" %>s %b" common
	<IfModule logio_module>
	  LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
	</IfModule>
	CustomLog "/var/log/httpd-access.log" common
</IfModule>
<IfModule alias_module>
	ScriptAlias /cgi-bin/ "/usr/local/www/apache24/cgi-bin/"
</IfModule>
<IfModule cgid_module>
</IfModule>
<Directory "/usr/local/www/apache24/cgi-bin">
	AllowOverride None
	Options None
	Require all granted
</Directory>
<IfModule headers_module>
	RequestHeader unset Proxy early
</IfModule>
<IfModule mime_module>
	TypesConfig etc/apache24/mime.types
	AddType application/x-compress .Z
	AddType application/x-gzip .gz .tgz
</IfModule>
<IfModule proxy_html_module>
Include etc/apache24/extra/proxy-html.conf
</IfModule>
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
Include /usr/local/etc/apache24/Includes/*.conf

################################################################################

root@Zoneminder:/ # cat /usr/local/etc/php-fpm.conf
[global]
pid = run/php-fpm.pid
include=/usr/local/etc/php-fpm.d/*.conf
listen = /var/run/php-fpm.sock
listen.owner = www
listen.group = www
env[PATH] = /usr/local/bin:/usr/bin:/bin

################################################################################

root@Zoneminder:/ # cat /usr/local/etc/php/ext-40-timezone.ini
date.timezone = America/New_York

################################################################################

root@Zoneminder:/ # cat /usr/local/etc/apache24/Includes/httpd-vhosts.conf
<VirtualHost *:80>
	ServerName Zoneminder
	DocumentRoot "/usr/local/www/zoneminder-h264/"
	<Directory "/usr/local/www/zoneminder-h264">
		Options FollowSymLinks
		AllowOverride All
	Require all granted
	</Directory>
	ScriptAlias /cgi-bin "/usr/local/www/zoneminder-h264/cgi-bin"
	<Directory "/usr/local/www/zoneminder-h264/cgi-bin">
		Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
		AllowOverride All
	Require all granted
	</Directory>
</VirtualHost>

################################################################################

root@Zoneminder:/ # cat /usr/local/etc/apache24/Includes/php.conf
<IfModule dir_module>
	DirectoryIndex index.php index.html
	<FilesMatch "\.php$">
		SetHandler application/x-httpd-php
	</FilesMatch>
	<FilesMatch "\.phps$">
		SetHandler application/x-httpd-php-source
	</FilesMatch>
</IfModule>



I also tried out Shinobi today as well. I got the base working as well as the motion detection plugin. The object detection plugin looks like it'd be a real pain to install on BSD, and I'm not even sure BSD has all the dependencies for it. Here are some tips:

  • Follow the "hard way" on the install guide on the Shinobi website
  • Do NOT import the demo user/monitor into your SQL database. The demo user is useless as you can't login with it, but the monitor is real and will remain active even if you delete the demo user. It will download 150+ GB of data in a month from some random camera on the internet if you ignore it, based on the transfer speeds I was seeing.
  • The default admin password is hashed in MD5, while more recent versions of Shinobi default to SHA256, thus you need to manually change it or the hash type.
  • Don't use the admin login on the main login page, there's an admin panel at /super
  • The motion plugin was more difficult to install since it requires canvas. I just had to keep tracking down error messages and figuring out which dependency was missing. When it gives an error about freetype what it's really complaining about is missing a pkginfo package (or something like that, don't quote me).
 
Last edited:

Cons3nce

Cadet
Joined
Jun 15, 2017
Messages
4
Okay so I got to the end of the guide and went to access ZoneMinder via the IP address and I get "Forbidden". Any idea why?
 
Top