Press "Enter" to skip to content

Motion EYE: Remote SSL + RTSP camera support

Motion EYE project does not support cameras providing RTSP streams only. I had one such camera and wanted to add it along other cameras to my Motion EYE system running on a RPi.

Motion EYE add camera dialog.

RTSP to RTP stream conversion

So, my camera RTSP stream was accessible at rtsp://USER:PASS@IP:554/live/ch00_0. I already had installed packages VLC that include also cvlc command. CVLC is a command-line-based tool for VLC functionalities and is very powerful also to work with video streams. The idea is that we convert the RTSP stream into a RTP stream first. We can achieve this using the following command:

cvlc -vvv rtsp://USER:PASS@IP:554/live/ch00_0 --sout "#rtp{sdp=rtsp://127.0.0.1:8554}"

Note that RTSP link can be different based on an IP camera that you might have. The RTP part of the command specifies where RTP stream will be available – on a local port in our case.

We also wanted for the stream to be available at the system startup without manual intervention. To support that we configured a service in /etc/systemd/system/cvlc.service and enabled it:

[Unit]
Description=cvlc Server

[Service]
User=pi
ExecStart=/usr/bin/cvlc -vvv rtsp://USER:PASS@IP:554/live/ch00_0 --sout "#rtp{sdp=rtsp://127.0.0.1:8554}" &
Restart=on-abort

[Install]
WantedBy=multi-user.target

To add this stream to Motion EYE just add a new camera, select Use local stream, and enter your local URL. The stream should now be accessible in your app.

Making you Motion EYE interface available over HTTPS

By default Motion EYE provides HTTP only support. To enable HTTPS we will use (a) NGINX server as an SSL proxy, and (b) Certbot to provide and maintain Let’s Encrypt server certificates. Process is briefly available in the official Github repository.

First we install nginx (sudo apt-get install nginx) and edit the default confguration in sudo /etc/nginx/sites-available/default as follows:

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    
    location / {
        proxy_pass http://127.0.0.1:8765/;
        proxy_read_timeout 120s;
        access_log off;
    }
}

After that we save configuration and restart nginx (sudo service nginx restart). Then we install and setup a server certificate (prior to that I expect that you already own a domain with a set public DNS A record that show to your IP):

sudo apt update
sudo apt install snapd
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

sudo certbot --nginx
#configure domain and nginx config

sudo certbot renew --dry-run
#just to check renewal will be okay

To make sure your server will not be available via other domains or IP delete the default nginx config and leave only the one by certbot.

Leave a Reply

Your email address will not be published.

 

This site uses Akismet to reduce spam. Learn how your comment data is processed.