this post was submitted on 05 Jan 2024
45 points (97.9% liked)

Selfhosted

40736 readers
460 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

I want to configure a local webcam to stream (and possibly record) a live feed open to the internet, and acess it half-world away while traveling, using FOSS only acessing it via Android VLC

This guide was quite comprehensive; however the packages for nginx-rtmp are quite abandoned in arch linux. So I thought maybe WebRTC could be an alternative - the communication itself should be encrypted, which WebRTC seems to do; however, I still can't figure out if VLC will handle this well

Also, it seems that I might need to self-host a VPN to achieve this? What are my options? Has anyone else done this ?

all 22 comments
sorted by: hot top controversial new old
[–] vegetaaaaaaa 12 points 11 months ago* (last edited 11 months ago) (1 children)

I recently set up a personal Owncast instance on my home server, it should do what you're looking for. I use OBS Studio to stream random stuff to friends, if your webcam can send RTMP streams it should be able to stream to Owncast without OBS in the middle - else, you just need to set up OBS to capture from the camera and stream to Owncast over RTMP.

the communication itself should be encrypted

I suggest having the camera/OBS and Owncast on the same local network as RTMP is unencrypted and could possibly be intercepted between the source and the Owncast server, so make sure it happens over a reasonably "trusted" network. From there, my reverse proxy (apache) serves the owncast instance to the Internet over HTTPS (using let's encrypt or self-signed certs), so it is encrypted between the server and clients. You can watch the stream from any web browser, or use another player such as VLC pointing to the correct stream address [1]

it seems that I might need to self-host a VPN to achieve this

Owncast itself offers no authentication mechanism to watch the stream, so if you expose this to the internet directly and don't want it public, you'd have to implement authentication at the reverse proxy level (HTTP Basic auth), or as you said you may set up a VPN server (I use wireguard) on the same machine as the Owncast instance and only expose the instance to the VPN network range (with the VPN providing the authentication layer). If you go for a VPN between your phone and owncast server, there's also no real need to setup HTTPS at the reverseproxy level (as the VPN already provides encryption)

Of course you should also forward the correct ports (VPN or HTTPS) from your home/ISP router to the server on your LAN.

There are also dedicated video surveillance solutions.

[–] [email protected] 11 points 11 months ago* (last edited 11 months ago) (1 children)

If you have a Home Assistant instance, adding a webcam and accessing it from outside of your home network is quite easy: https://www.home-assistant.io/blog/2016/06/23/usb-webcams-and-home-assistant/

Home Assistant is a very useful platform to have around if you have a handful of IoT devices at home.

[–] shadowintheday2 1 points 11 months ago

Thanks, I will look into setting up Home Assist

[–] [email protected] 7 points 11 months ago

I'm using Frigate with a Google Coral connected to Home Assistant, it'd send an image and a short video to a Telegram group with my wife whenever it detects a person.

I'm using OpenIPC firmware flashed on a chinese Goke camera and works great. It connects to Frigate using RTMP.

[–] abominable_panda 7 points 11 months ago* (last edited 11 months ago) (3 children)

MediaMTX can sort a lot of this for you. Then its just a matter of accessing your feed on vlc.

VPN is the safer option of accessing your network

Personally, I use this as a camera proxy bit it can record. I use zoneminder otherwise

[–] TCB13 4 points 11 months ago* (last edited 11 months ago)

MediaMTX

Going to Mars seems easier and less resource intensive than that thing.

MediaMTX can sort a lot of this for you. Then its just a matter of accessing your feed on vlc.

Here is how you really "just access your feed from VLC" in three easy easy steps:

Step 1. Configure nginx repositories (http://nginx.org/en/linux_packages.html)

Step 2. Install nginx / nginx-rtmp

Step 3. Edit nginx config to add:

rtmp {
        server {
                listen 1935;
                chunk_size 4096;
                allow publish 127.0.0.1;
                deny publish all;

                application live {
                        live on;
                        exec_pull /usr/bin/ffmpeg -f v4l2 -input_format h264 -video_size 1920x1080 -i /dev/video4 -copyinkf -codec copy -f flv rtmp://127.0.0.1/live/stream;
                        record off;
                }
        }
}

A few notes:

  • /dev/video4 is your camera;
  • Some systems (debian) may require this sudo usermod -a -G video www-data to make sure it will work. Because ffmpeg will be launched with the www-data user that doesn't have access to the video cameras.
  • It will even turn off the camera if nobody is connected;
  • Use ffmpeg -f v4l2 -list_formats all -i /dev/video0 to find what formats your camera supports;
  • Watch the stream from VLC with the url: rtmp://device-ip/live/stream

Enjoy.

[–] shadowintheday2 2 points 11 months ago (2 children)

Thank you, I managed to get it working with MediaMTX and DockoVPN I still don't know how I would manage dynamic IP changes during the days I'm away, that would break the VPN

[–] abominable_panda 3 points 11 months ago

Amazing! Congrats :)

For the dynamic ip address that you can get a free domain name from afraid or noip or maybe others and point your vpn to your domain name instead of direct ip address. Following that you can run cron job scripts to ensure the ip address that the domain points to is up to date

[–] tapdattl 1 points 11 months ago

I just set up a security camera for my dad's office: zoneminder running the webcam and tailscale for access anywhere.

[–] [email protected] 1 points 11 months ago

this is the way. Not sure if you can watch webrtc streams with vlc though. But you can always use rtmp or hls

[–] [email protected] 3 points 11 months ago (1 children)

Setup Tailscale on your machine at home and on your Android device. It'll provide a virtual encrypted network between your devices.

Not sure what video performance across it will be like, I'm sure there's a bit of overhead.

[–] [email protected] 1 points 11 months ago (1 children)

Just use wire guard, which is the backbone of tailscale.

Tailscale could rug pull one day or start charging.

Sounds like OP could handle wire guard setup.

[–] [email protected] 1 points 11 months ago

That's true, they could. So could the devs of Wireguard. I see zero implication that either will.

Worry is interest paid on a debt you don't have.

TS already has a paid tier, so I don't see it as likely. And if they do change in someway, I can either move to paid or move to WG then, if needed.

Plus it's much easier to setup and manage, and has some neat features like Funnel. It's as easy as running an installer on the machines, and creating an account.

Last I checked (perhaps a year ago) Wireguard still required a bit of manual effort to connect machines to each other (generating/sharing keys, updating each machine config, etc), while Tailscale handles that by using an account which manages key distribution.

You can self-host TS to not be dependent on their servers for the account management. That doesn't sound like developers that are going to "pull the rug".

It's interesting, I see TS doing a lot of stuff Hamachi did 20 years ago, with having relay capability if ports can't be forwarded/opened via UPNP, or you're on a firewalled network. I'm a bit surprised it took this long, Hamachi was great in the early 2000's.

I don't see them going away, they've really developed. I'll be moving to a paid tier when I rebuild my network and lab, not that I need to, but it'll be nice to have support, and I'll be contributing to a tool that I've missed for years in Hamachi.

[–] [email protected] 3 points 11 months ago* (last edited 11 months ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
HTTP Hypertext Transfer Protocol, the Web
HTTPS HTTP over SSL
IP Internet Protocol
IoT Internet of Things for device controllers
SSL Secure Sockets Layer, for transparent encryption
VPN Virtual Private Network
nginx Popular HTTP server

6 acronyms in this thread; the most compressed thread commented on today has 8 acronyms.

[Thread #402 for this sub, first seen 5th Jan 2024, 02:35] [FAQ] [Full list] [Contact] [Source code]

[–] equidamoid 3 points 11 months ago* (last edited 11 months ago)

I'd go for HLS due to its simplicity: just files over http(s). VPN or not - depends on your network. If your machine is accessible from the internet, just putting the files into a webserver subdirectory with a long random path and using https will be secure enough for the usecase. Can be done with an ffmpeg oneliner.

The downside of HLS is the lag (practically -- 10s or more, maybe 5 if you squeeze it hard). It is in no way realtime. Webrtc does it better (and other things too), but it is also a bigger pain to set up and forward.

Also, just in case, test that the webcam works fine if left active 24/7. I had (a cheapo) one that required a powercycle after a week or so...

[–] Lordjohn68 2 points 11 months ago

My use case is similar. So i use a Pi 5 running motioneye dev 64bit. 3 cams 2 usb webcams (uvc compliant) 1 esp32 cam wifi. Another Pi a 4 this time runs pihole and wireguard vpn. Static ip so all is good. Homarr is my dashboard and i can view from that or the motioneye interface directly.

[–] TCB13 1 points 11 months ago* (last edited 11 months ago)

however the packages for nginx-rtmp are quite abandoned in arch linux.

Maybe you should switch to Debian? I've been doing it for a long time that way and playing to VLC without issues. What repositories are you using btw? Official ones at http://nginx.org/en/linux_packages.html or some 3rd party garbage?

[–] muntedcrocodile 1 points 11 months ago (1 children)

Cant u do it with vlc directly?

[–] shadowintheday2 1 points 11 months ago (1 children)

I don't think VLC alone could handle auth/permissions/encryption

[–] muntedcrocodile 2 points 11 months ago

Ur right in that case i suggest just set up a vpn to ur home lan and have it stream to lan