Remote web server for backyard camera
Overview
- Can be the most secure option listed here, but requires you to configure a web server on a VPS and involves more work than other methods.
- This article only discusses the rclone config. There are many existing documents on how to configure a web server to serve static files and/or enable SSH/SFTP access.
- For the
copymotion
script below it is assumed that the directory from which the web server is configured to serve the files is/var/www/html/motion
and that is writable by the user used to SFTP the files to the server. You should adapt the script as appropriate if you configure the web server with a different directory. - We further assume that the
rclone
‘remote’ is calledremoteweb
for this server. - You also need to configure SFTP as described below.
Configuring SFTP for use with rclone
On Pi
- Create a passwordless SSH key for the
motion
user to upload to the VPS (it is recommended the user on the VPS only have permissions required to upload motion files to the correct directory. This is known as the principle of least privilege).E.g.
sudo -H -u motion ssh-keygen -N '' -C motion@$(hostname -s) -t rsa
Make sure the
.ssh
directory and contents are only accessible tomotion
:sudo chown -R motion:motion /var/lib/motion/.ssh && sudo chmod 0700 /var/lib/motion/.ssh
The public key to copy to the VPS
$HOME/.ssh/authorized_keys
in this case would be/var/lib/motion/.ssh/id_rsa.pub
On VPS
- Make sure
/var/www/html/motion
is has read, write, and execute permissions for the user with which you use SFTP (usually the same as your SSH user). For the purposes of this documentation we will assume the username ismotion-uploader
with groupmotion-uploader
.- For example:
sudo mkdir -p /var/www/html/motion && sudo chown -R motion-uploader:motion-uploader /var/www/html/motion
.
- For example:
- Add an SSH public key for the Pi
motion
user to$HOME/.ssh/authorized_keys
file for themotion-uploader
user on the VPS.
Configuring the Pi
Create an rclone config
To create an new rclone remote as the motion
user,
execute:
sudo -H -u motion rclone config
choosing SFTP
as the backend and answering the prompts appropriately.
Add a copymotion
script
A copymotion
script for copying to a remote web server directory when using
the above autocopy configuration in /etc/motion/motion.conf
Copy this script to /usr/local/bin/copymotion
#!/bin/sh
( rclone copy /var/lib/motion/data remoteweb:/var/www/html/motion & )
NB This script assumes you have configured the destination for videos and
photos to be /var/lib/motion/data
NOT /var/lib/motion
(which is the
default). This is because the rclone config lives in /var/lib/motion/.config
and we do not want to copy it to the web server.