OpenIPC
/
wiki
mirror of https://github.com/OpenIPC/wiki.git
1
0
Fork 0
Code Activity

update and extend acme instruction

pull/74/head
Paul Philippov 2023-02-09 18:00:50 -05:00
parent 5b5a696588
commit f1ffc9e552
1 changed files with 42 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
en/acme-v2.md
View File

@ -8,23 +8,58 @@ Make sure your camera is accessible from the Internet on both port 80 (HTTP)
and port 443 (HTTPS). You might need to set up port forwarding on your router
for that.
Create an ACME account:
### Create an ACME account:
__on camera:__
```console
$ uacme -y -v new
```
Issue a certificate for your domain:
### Give your camera a FQDN
Secure HTTP (Hypertext Transfer Protocol Secure, HTTPS) cannot be issued to a bare IP address,
you need a Fully Qualified Domain Name (FQDN) for your camera. That is how your camera will
be accessed over HTTPS.
Create an account with any Domain Name Register and register a domain name, e.g. _mysuperduperdomain.com_.
Set up a DNS zone for that domain name and create a record for your camera in that domain zone.
```
DNS Records
mysuperduperdomain.com
---------------------------------------
Type Host IP Address TTL
A ipc-001 75.123.45.555 600
```
where `75.123.45.555` is your public IP address.
### Set up port forwarding if your camera is behind NAT.
Add port forwarding from port 80 of WAN interface to port 80 of your camera's local IP address.
```
75.123.45.555:80 => 192.168.1.10:80
```
If you have several devices on your network serving public HTTP requests then add your
camera domain name to HTTP proxy.
### Issue a certificate for your domain:
__on camera__:
```console
$ uacme -y -v -h /usr/share/uacme/uacme.sh -t EC issue www.your.domain.com
$ uacme -y -v -h /usr/share/uacme/uacme.sh -t EC issue ipc-001.mysuperduperdomain.com
```
If everything goes well, uacme will ask you to set up a challenge, e.g.:
### Set up a local DNS record override
You can add an override record to `/etc/hosts` file on your machine
```
uacme: challenge=http-01 ident=www.your.domain.com token=kZjqYgAss_sl4XXDfFq-jeQV1_lqsE76v2BoCGegFk4
key_auth=kZjqYgAss_sl4XXDfFq-jeQV1_lqsE76v2BoCGegFk4.2evcXalKLhAybRuxxE-HkSUihdzQ7ZDAKA9EZYrTXwU
echo "192.168.1.10 ipc-001.mysuperduperdomain.com" >> /etc/hosts
```
or you could create a record on your local DNS server like [pi.hole](https://pi-hole.net/)
so that anyone using that DNS server could have secure access to the camera, too.
Restart majestic and test access to https://www.your.domain.com/
### Restart majestic and test access
Open your favorite web browser and go to https://ipc-001.mysuperduperdomain.com/