Setting up SSL with Shinobi Video using Let’s Encrypt and Certbot

Edit 2020-09-25

There is an updated version of this located here.

End Edit

This help text was compiled using Ubuntu 16.04 server LTS

Install Shinobi using the online documentation

Become a super user

sudo su

Make sure your distribution is up to date

apt-get update
apt-get dist-upgrade

First change the login email address and password for the super user in super.json

Create an md5 hash of your password

echo -n 'password' | md5sum

Copy the result and edit the super.json file replacing the email and password with your info.

cd /home/user/Shinobi
nano super.json

Ctrl O, Enter to Save and Ctrl X to exit

Install certbot

apt-get update
apt-get install software-properties-common
add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install certbot

Set up the folder structure you are going to use for certbot

cd /home/user/Shinobi
mkdir certs
cd /home/user/Shinobi/web
mkdir -p .well-known/acme-challenge

Generate the certificate

certbot certonly --webroot -w /home/user/Shinobi/web -d shinobi.website.com

Edit the Shinobi super configuration file to turn on SSL

cd /home/user/Shinobi
nano conf.json

{
  "port": 80,
  "addStorage": [
    {
      "name": "second",
      "path": "__DIR__/videos2"
    }
  ],
  "db": {
    "host": "127.0.0.1",
    "user": "majesticflame",
    "password": "",
    "database": "ccio",
    "port": 3306
  },
  "mail": {
    "service": "gmail",
    "auth": {
      "user": "[email protected]",
      "pass": "your_password_or_app_specific_password"
    }
  },
  "ssl": {
    "key": "/etc/letsencrypt/live/website.ssl.name/privkey.pem",
    "cert": "/etc/letsencrypt/live/website.ssl.name/cert.pem",
    "port": 443
  },
  "cron": {
    "key": "change_this_to_something_very_random__just_anything_other_than_this"
  },
  "pluginKeys": {
    "Motion": "change_this_to_something_very_random____make_sure_to_match__/plugins/motion/conf.json",
    "OpenCV": "change_this_to_something_very_random____make_sure_to_match__/plugins/opencv/conf.json",
    "OpenALPR": "SomeOpenALPRkeySoPeopleDontMessWithYourShinobi"
  }
}

Ctrl O, Enter to Save and Ctrl X to exit
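
A check for the file just edited, as an added example that is not part of the original post or of Shinobi's own code: it takes an already-parsed conf.json and reports sample secrets left unchanged and SSL paths that do not sit in certbot's directory for the domain passed to -d. The names auditConf, PLACEHOLDERS and SAMPLE_CONF are made up for this example, and it assumes certbot's default /etc/letsencrypt/live/<domain>/ layout.

```javascript
// Sample values from the conf.json above that must not survive into a live install.
const PLACEHOLDERS = [/^change_this_to_something_very_random/, /^SomeOpenALPRkey/,
  /^your_password_or_app_specific_password$/];

// conf: parsed conf.json; domain: the name passed to certbot -d. Returns finding strings.
function auditConf(conf, domain) {
  const findings = [];
  const secrets = { 'cron.key': conf.cron && conf.cron.key };
  for (const [name, key] of Object.entries(conf.pluginKeys || {})) {
    secrets[`pluginKeys.${name}`] = key;
  }
  if (conf.mail && conf.mail.auth) secrets['mail.auth.pass'] = conf.mail.auth.pass;
  if (conf.db) secrets['db.password'] = conf.db.password;
  for (const [name, value] of Object.entries(secrets)) {
    if (!value) findings.push(`${name}: empty`);
    else if (PLACEHOLDERS.some((re) => re.test(value))) findings.push(`${name}: sample placeholder`);
  }
  const ssl = conf.ssl || {};
  if (!ssl.key || !ssl.cert) return findings.concat('ssl: key or cert path missing');
  // Assumption: certbot's default layout, /etc/letsencrypt/live/<name given to -d>/.
  const liveDir = `/etc/letsencrypt/live/${domain}`;
  for (const field of ['key', 'cert']) {
    const dir = ssl[field].slice(0, ssl[field].lastIndexOf('/'));
    if (dir !== liveDir) findings.push(`ssl.${field}: not under ${liveDir}`);
  }
  // cert.pem is the leaf certificate only; fullchain.pem also carries the intermediates.
  if (ssl.cert.endsWith('/cert.pem')) {
    findings.push('ssl.cert: leaf only, fullchain.pem includes the intermediates');
  }
  return findings;
}

// Constructed input: the tutorial's sample values, trimmed to the audited fields.
const SAMPLE_CONF = {
  db: { user: 'majesticflame', password: '' },
  mail: { auth: { pass: 'your_password_or_app_specific_password' } },
  ssl: { key: '/etc/letsencrypt/live/website.ssl.name/privkey.pem',
    cert: '/etc/letsencrypt/live/website.ssl.name/cert.pem', port: 443 },
  cron: { key: 'change_this_to_something_very_random__just_anything_other_than_this' },
  pluginKeys: {
    Motion: 'change_this_to_something_very_random____make_sure_to_match__/plugins/motion/conf.json',
    OpenALPR: 'SomeOpenALPRkeySoPeopleDontMessWithYourShinobi' },
};

console.log(auditConf(SAMPLE_CONF, 'shinobi.website.com').join('\n'));
```

With the sample values it also flags that the ssl paths use website.ssl.name while the certbot command requested shinobi.website.com, so the two placeholders must be replaced with the same real hostname.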

Edit the Shinobi configuration file to add a static reference to the .well-known folder

nano camera.js

Hit Ctrl W, type //pages followed by enter to search for //pages

Make it look like the below by adding this line of text: app.use('/.well-known',express.static(__dirname + '/web/.well-known'));

////Pages
app.enable('trust proxy');
app.use('/libs',express.static(__dirname + '/web/libs'));
app.use('/.well-known',express.static(__dirname + '/web/.well-known'));
app.use(bodyParser.json());

Ctrl O, Enter to save and Ctrl X to quit

Restart Shinobi

pm2 start camera.js
pm2 start cron.js

Profit

Update 2019/04/02

I had to change the ssl code in the super configuration from the below to what is already above:

"ssl": {
"key": "/home/user/Shinobi/certs/privkey.pem",
"cert": "/home/user/Shinobi/certs/cert.pem",
"port": 443
},

I also changed the certbot command from the below to the above:

certbot certonly --webroot -w /home/user/Shinobi/web -d shinobi.website.com --cert-path /home/user/Shinobi/certs --key-path /home/user/Shinobi/certs --fullchain-path /home/user/Shinobi/certs --chain-path /home/user/Shinobi/certs
6 Responses

  1. Love it. Hard to follow a bit though. Have any of the updates made problems so far? Might go this route. But I figure maybe just letsencrypt the host with nginx and let shinobi talk on http for local traffic. Thoughts? Please feel free to Email me at [email protected]

  2. It’s really a nice and helpful piece of information. I am glad that you just shared this helpful info with us. Please keep us informed like this. Thanks for sharing.

  3. hola amigo 🙂 I was wondering if you could get in touch with me and we could add the manual modifications to the code base.

    There is a user who was using your setup but it unfortunately broke when I updated how code is called within camera.js.

    Thanks for reading, cheers!

  4. Hi,

    First of all great tutorial, thank you very much! I have a particular case which might be relevant for some users.
    I spent hours to make it work on Ubuntu 18.04 with Shinobi installed through “easy way” (https://shinobi.video/docs/start#content-ubuntu–the-easier-way).
    What I found out is that once changes are made to config.json & Shinobi restarted, the node server is not listening on the assigned ssl port (443).
    I had to restart nodejs in order for the changes to take effect (i.e. server is listening on ssl port).

    I used: “sudo ps aux | grep node” and killed all node processes “sudo kill -9 [pid]”

    Hope this helps someone,
    a.

    1. Hi, I still run into some problems… I can access shinobi through the selected port, but can’t access it via HTTPS, do you know what I’m doing wrong?

      Cheers in advance.

  5. In the Shinobi version I am running, instead of camera.js, I found the “//Pages” area in libs/webServerPaths.js and added the “app.use('/.well-known',express.static(__dirname + '/web/.well-known'));” line there. Seems to work. Thanks for the write up!
