I’d like to host this on the Ubuntu Linux box in my home office and put a camera in my living room. Would like to be able to monitor the camera from an iPhone, and have it auto record on motion detection.
For external access though, I don’t have a domain name registered, and I’d rather not have one. I’d be happy to access this just using my external IP address. But I don’t know how “static” the IP address from my ISP is. (My router gets it via DHCP, but I don’t know how long those leases are, or if it re-uses the same IP when renewing.)
Edit: Also what is a good camera to use? Seems like a lot of these cams require registration with some shady service and their own app to view them. Which means that all of that is running through their hosted service, which I am trying to avoid.
If you haven’t bought cameras yet then you can always check for one that works with thingino Open-source Firmware for Ingenic SoC IP Cameras
Holy crap, this is amazing! I can take shitty wifi cams I have in storage and make them reliable, cloudless Ethernet cams! Woohoo!
Have a look at Frigate.
You can self host and support several cameras, AI detection, etc.
If you get a camera that is ONVIF compatible, you won’t need an app to set it up. Vikylin, amcrest are a couple I’ve used.
Use tailscale to access your cameras, don’t portforward them. They are pathetically terrible for security.
Any ONVIF/ RTSP camera is probably going to work but I still keep them segregated from the Internet.
Motion triggered recording works fine to a SD card on many cameras. I’m so far happy with Reolink.
For remote access look into Tailscale.
I use Frigate and Reolink cameras. I have a Home Assistant install to access the cameras remotely through reverse proxy.
For external access though, I don’t have a domain name registered, and I’d rather not have one. I’d be happy to access this just using my external IP address. But I don’t know how “static” the IP address from my ISP is. (My router gets it via DHCP, but I don’t know how long those leases are, or if it re-uses the same IP when renewing.)
Some routers have integration with dyndns or noip. You can get a free (disposable) domain. If you do the correct port forwarding to your camera’s application server, you can access your camera from outside. However, ensure you are using HTTPS, a strong password, and the server on a non-standard port.
Pro-tip = Run wireguard to access everything securely.
Did you just seriously recommend port forwarding to a NVR login? Even worse with a consumer grade router? With HTTPS,non Standard Port and a strong password as the only security tips?
Please,people,for the love of god: Don’t do that. Really. Don’t. This is really bad advice,sorry.
Unless you are very very sure that your NVR solution is impecable in terms of security (none are), you are 100% sure you stay up-to-date all the time (including reviewing updates for issues) and have additional measures like fail2ban, IDM/IDS,etc. in place this is a very bad idea. HTTPS is only helping in terms of password transmission/spoofing,which is an unlikely vector here, a non standard port doesn’t help one bit here(have a bit of fun with shodan and see yourself) and while a strong password helps it only helps if the auth of the system and the OS below itself is watertight - a hard task.
It is always a bad idea to port forward unless you really really cannot avoid it.
Use a VPN - as you said, wireguard.
I will agree that my advice is bad.
I myself run all my services over wireguard. But I run ssh natively though but with extra hardening (fail2ban/sshkey/no default port/max retries, etc). Plus my IP changes every 24 hours. However, I did learn how to setup online services and this can be a stepping stone.
If one is experimenting, exposing the port is fine (temporarily). But if someone is running a service 24/7 over the internet, and the person does not have any cyber security acumen, wireguard is the clear winner.
Can you make some tutorials for how to?
If you tell me what kind of hardware you have, i can direct you to the correct resource. I have done it for my TPLink router, which has support for noip.com. OpenWRT/OPNSense has dedicated plugins or it’s baked-in.
I actually just set something like this up using sentryshot and a random IP camera my dad had laying around. The docs are kinda sparse but it was simple enough to get the camera set up. It supports motion and object detection in software and I think you can set it to just record on one of those events but I haven’t messed with that at all.
Edit: for remote access I’d recommend either wireguard or tailscale. I use plain wireguard without having a static IP and haven’t had it break yet but your mileage may vary.
I’d recommend
https://github.com/roflcoopter/viseron
Checks all the boxes: local storage and streaming, detection, recognition.
Should work fine with most cameras, but configuration is via YAML only, no GUI.
You can try a DDNS service to get a fixed domain name bound to your dynamic IP. Most modern routers support a few providers, try looking in the settings. They are mostly free for personal use.
I’m using one of these “shady” cameras that have good reviews. Yes they require an internet connection to set up but once you are done you can just wall them off from the internet and stream locally to your box ;)
I tried using https://kerberos.io/ a while back, I did not have success but I think that’s because my setup was wonky. We’re looking into, at least.
Also, HandsOnKatie has done a couple videos on home surveillance, I know she likes ReoLink and Home Assistant But I don’t remember what her full software stack set up as like.
A while ago I found out synology makes cameras but they’ve gone a bit dogey as a company of late.
Have a look at Agent DVR. Works locally and the “pro” features that one would need to pay for are basically just Plugins. Everything else works nice without it. Additionally it accepts basically everything you throw at it camera wise and is far easier to configure than frigate, also has a (good) HA integration and is extremly mighty if your system grows over the years.
The mobile app is nice, but it also works fairly well in a browser on mobile.
