2·
6 months agoI tried a bunch, zoneminder, motioneye, frigate, etc., before finally settling in AgentDVR. It offers a fair bit of flexibility via MQTT and “just worked” with my PTZ camera.
K3CAN
Also at @[email protected] on Mastodon.
- 0 Posts
- 7 Comments
Joined 2 years ago
Cake day: June 21st, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
You’re not a “target” as much as you are “a thing that exists.” These aren’t targeted attacks.
That said, you can look into adding some additional measures to your webserver if you haven’t already, like dropping connections if a client requests a location they shouldn’t, like trying to access /admin, /…/…, /.env, and so on.
On nginx, it could be something like:
location ^/\.|)/admin|/login { return 444; }Of course, that should be modified to match whatever application you’re actually using.
I self host.
I use nginx as a reverse proxy with crowdsec. The backends are nginx and mariadb. Everything is running on Debian VMs or LXCs with apparmor profiles and it’s all isolated to an “untrusted” VLAN.
It’s obviously still “safer” to have someone else host your stuff, like a VPS or Github Pages, etc, but I enjoy selfhosting and I feel like I’ve mitigated most of the risk.
If you’re going to be playing with custom locations and such, it might be worth using nginx directly instead of through the limitations of NPM.
I know I’m a bit late to the conversation, so I don’t know if this is still helpful… But I have a camera with “AI Detection” built into it and it appears to send alerts via its ONVIF connection. I’ve disabled motion and other detectors on my NVR (AgentNVR) and instead configured it to just wait for an alert from the camera itself to start recording. It’s been working quite well.
My initial plan was to use a coral TPU and frigate, but the Coral/Gasket drivers appear to be pretty old and I couldn’t get them to work properly, myself.
I have a couple Libre Office files where I document the non-technical stuff for my own quick reference, like network layout in Draw, or IP and port assignments in Calc. I use a git repo to store and organize podman scripts, systemd unit files, configs, etc. Probably not the most elegant solution, but it’s simple and FOSS.
Reverse proxy is Nginx Proxy Manager.
There are some tools to help, but things are sort of specific to particular aspects. Lynis for general systems, ntopng for networks, and such.
For 90% of stuff, though, you can just stick to stable repos and upgrade on a schedule and you’ll be alright.