Not long ago, I have purchased an IP camera for my home. A nice toy I must say. I wanted to expose this camera for outside access. The issue is that this camera’s interface does not support SSL.
Well because privacy is involved, the least I could do is add SSL somehow. I googled a bit and came across this article. I decided to use my raspberry pi for that.
The process itself is relatively easy but I had to do some improvisations over the article above. So I decided to make a tutorial for this.
You can use this to add SSL layer on top of every http you have.
So here we go:
Install apache2 on your raspberry pi:
sudo apt-get install apache2
Enable ssl, proxy and proxy_http modules:
sudo a2enmod ssl sudo a2enmod proxy sudo a2enmod proxy_http
Add listener to port 10001 (You can use any port, this is from the sample)
I have used ports.conf file to add it. You can create a new configuration file for this if you like
NameVirtualHost *:10001 Listen 10001
Add definitions for you camera’s reverse proxy (VirtualHost tag)
- The camera’s internal address and port in this example is 192.168.9.11:81
- The logs are located in /var/log/apache2 – you can change it to a path you desire
- The certificate are self signed. It is explained next
<VirtualHost *:10001> ProxyRequests Off ProxyPreserveHost On ProxyVia On Order deny,allow Allow from all ProxyPass / http://192.168.9.11:81/ ProxyPassReverse / http://192.168.9.11:81/ CustomLog /var/log/apache2/access_cam1.log combined ErrorLog /var/log/apache2/error_cam1.log ServerName cam1 SSLEngine On SSLCertificateFile /etc/apache2/mycrt.crt SSLCertificateKeyFile /etc/apache2/mycrt.key <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars SSLOptions +StdEnvVars BrowserMatch "MSIE [2-6]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 # MSIE 7 and newer should be able to use keepalive BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown </VirtualHost>
Now we need to create certificate files. I used this guide in order to do it. It’s pretty straight forward (In my example above I’ve called them “mycrt”)
We’re almost good to go. In case you created a passphrase for you certificate, you will notice that as you restart your apache2 it will require you to enter your passphrase.
This can be avoided, if you’d like.
Create a shell script that echoes your passphrase:
#!/bin/bash echo your-password
- Add execute permissions to this script
Edit ssl.conf, and change the SSLPassPhraseDialog line
That’s it! Now you can restart your apahce with
sudo service apahce2 restart
Now try accessing your raspberry pi with https://<ip>:10001
You should see your webcam’s login interface with SSL
Feel free to port-forward from your router to your raspberry pi’s new SSL port in order to access your camera from the outer world
I hope this guide is useful for you.