ZoneMinder

ZoneMinder is open source software used to capture, analyse, record, and monitor cameras.

Installation

Dependencies

This guide includes optional steps for configuring ZoneMinder with php-fpm.

The following required packages must be configured properly for ZoneMinder to work:

• Apache 2: www-servers/apache
• MySQL: dev-db/mariadb
• PHP: dev-lang/php

USE flags

Enable the following USE flags for dev-lang/php, app-eselect/eselect-php, and media-video/ffmpeg:

app-eselect/eselect-php apache2 fpm
dev-lang/php cgi pdo sysvipc mysqli inifile intl curl apache2 sockets gd mysql fpm
media-video/ffmpeg x264 jpeg2k x265

Unmask packages

There are a few unstable packages in the tree for ~amd64

www-misc/zoneminder
dev-perl/Class-Std-Fast
dev-perl/IO-Socket-Multicast
dev-perl/SOAP-WSDL
dev-perl/URI-Encode
dev-perl/Data-Entropy
dev-perl/HTTP-Lite
dev-perl/X10
dev-perl/Sys-Mmap
dev-perl/Data-Float
dev-perl/Class-Std

Apache Modules

Proxy is needed for FPM-PHP support.

...
APACHE2_MODULES="${APACHE2_MODULES} proxy proxy_fcgi"
...

Emerge

Install MariaDB, this was decoupled from ebuild allowing users to run database on another host:

Install ZoneMinder:

Configuration

Apache

• Select correct version of PHP:

  [1]   php7.4
  [2]   php8.0 *

Recent versions of ZoneMinder will warn if the local timezone is unset and reverts to using UTC, instead of throwing failures as seen with previous releases.

• Edit your active php module /etc/php/MODULE-VERSION)/php.ini to reflect the following:

date.timezone = <Country/City>

• Edit /etc/conf.d/apache2 and add -D PHP -D PROXY to APACHE2_OPTS:

APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D SSL -D SSL_DEFAULT_VHOST -D LANGUAGE -D PHP -D PROXY"

• Edit /etc/apache2/modules.d/70_mod_php.conf to activate PHP-FPM

...
        <FilesMatch "\.(php|php[57]|phtml)$">
                SetHandler "proxy:unix:/var/run/php-fpm/www.sock|fcgi://localhost"
        </FilesMatch>
...

• The package will create an Apache vhost in /etc/apache2/vhosts.d/10_zoneminder.conf

# Remember to enable cgi mod (i.e. "a2enmod cgi").
ScriptAlias /zm/cgi-bin/zms "/usr/libexec/zoneminder/cgi-bin/zms"
ScriptAlias /zm/cgi-bin/nph-zms "/usr/libexec/zoneminder/cgi-bin/nph-zms"

<Directory "/usr/libexec/zoneminder/cgi-bin">
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    AllowOverride All
    Require all granted
</Directory>


# Order matters. This alias must come first.
Alias /zm/cache "/var/cache/zoneminder"
<Directory "/var/cache/zoneminder">
    Options -Indexes +FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

Alias /zoneminder "/usr/share/zoneminder/www"
Alias /zm "/usr/share/zoneminder/www"
<Directory "/usr/share/zoneminder/www">
  Options -Indexes +FollowSymLinks
    DirectoryIndex index.php
    AllowOverride None
    Require all granted
</Directory>

# For better visibility, the following directives have been migrated from the
# default .htaccess files included with the CakePHP project.
# Parameters not set here are inherited from the parent directive above.
<Directory "/usr/share/zoneminder/www/api">
   RewriteEngine on
   RewriteRule ^$ app/webroot/ [L]
   RewriteRule (.*) app/webroot/$1 [L]
   RewriteBase /zm/api
</Directory>

<Directory "/usr/share/zoneminder/www/api/app">
   RewriteEngine on
   RewriteRule ^$ webroot/ [L]
   RewriteRule (.*) webroot/$1 [L]
   RewriteBase /zm/api
</Directory>

<Directory "/usr/share/zoneminder/www/api/app/webroot">
    RewriteEngine On
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]
    RewriteBase /zm/api
</Directory>

FPM-PHP

/etc/php/fpm-php8.0/fpm.d/www.conf needs to be adjusted to listen on UNIX socket and run as Apache. While a separate UID/GUI could be created for this, the /var/log/zm/ and /etc/zm/conf.d/private.conf permissions would also need to be adjusted.

...
[www]
user = apache
group = apache

listen = /var/run/php-fpm/www.sock
listen.owner = apache
listen.group = apache
...

MySQL

• Create ZoneMinder's database, zm, and setup a new user zmuser.

mysql> create database zm;

mysql> grant lock tables,alter,drop,select,insert,update,delete,create,index,alter routine,create routine, trigger,execute on zm.* to 'zmuser'@localhost identified by 'zmpass';
Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> exit;

• Import the database schema and base data, the .sql script is created by the configure phase above, so make sure you do that first.

ZoneMinder

To make custom changes, create a new configuration file, with an extension of .conf, under the /etc/zm/conf.d folder, containing your desired modifications. Adjust the permissions to protect credentials and make it readable by your web server.

For example, creating new /etc/zm/conf.d/99-local.conf

Configuration files

• Edit your new local configuration file and add the above MySQL database username and password:

# ZoneMinder database user
ZM_DB_USER=zmuser

# ZoneMinder database password
ZM_DB_PASS=zmpass

Init

OpenRC

Add Apache to the default runlevel and start the service:

Add PHP to the default runlevel and start the service:

Add MySQL to the default runlevel and start the service:

Add ZoneMinder to the default runlevel and start:

systemd

Enable the Apache to start on system boot and start the service:

Enable the PHP service to start on system boot and start the service:

Enable the MySQL service to start on system boot and start the service:

Enable the ZoneMinder service to start on system boot and start the service:

SELinux

When using SELinux, first create a SELinux policy for the application:

module local_zoneminder 1.0; 

require { 
               type httpd_t;
               type initrc_var_run_t;
               type initrc_t;
               type v4l_device_t;
               type file_t;
              class unix_stream_socket { read connectto };
              class file { read lock };
              class shm { unix_read unix_write associate read write getattr };
              class chr_file getattr;
}

#============= httpd_t ============== 
allow httpd_t initrc_t:unix_stream_socket connectto;
allow httpd_t initrc_t:shm { unix_read unix_write associate read write getattr };
allow httpd_t initrc_var_run_t:file { read lock };
allow httpd_t v4l_device_t:chr_file getattr;

Now build the modules:

Other

Shared memory:

Upgrading

ZoneMinder includes a Perl utility zmupdate.pl to update the database schema as needed. Note: a Perl interpreter will required to run the script.

Normally you just need to run zmupdate.pl without parameters, credentials are read from configurations under /etc/zm. If you have a unique upgrade situation, you can specify the previous version and database credentials for the zm database:

Initiating database upgrade to version 1.30.4 from version 1.30.2

Please ensure that ZoneMinder is stopped on your system prior to upgrading the database.
Press enter to continue or ctrl-C to stop :

Do you wish to take a backup of your database prior to upgrading?
This may result in a large file in /var/tmp/zm if you have a lot of events.
Press 'y' for a backup or 'n' to continue : y
Creating backup to /var/tmp/zm/zm-1.30.2.dump. This may take several minutes.
Database successfully backed up to /var/tmp/zm/zm-1.30.2.dump, proceeding to upgrade.

Upgrading database to version 1.30.4
Loading config from DB
Saving config to DB
Upgrading DB to 1.30.3 from 1.30.2

Database successfully upgraded to version 1.30.3.
Upgrading DB to 1.30.4 from 1.30.2

Database successfully upgraded to version 1.30.4.

Database upgrade to version 1.30.4 successful.

See also

• PHP — a general-purpose server-side scripting language to produce dynamic web pages.
• Apache — an efficient, extensible web server. It is one of the most popular web servers used the Internet.
• MariaDB — is an enhanced, drop-in MySQL replacement.