MotionEyeOS - send HTTP commands from public internet - NGINX?


Charles Middleton

May 30, 2018, 6:43:38 AM
to motioneye
Hi guys, 

Bit of a mission here... 

I want to be able to start / stop recording on my MEOS (MotionEyeOS) device, by using Google Assistant on my Google Home. 

Something like "OK Google, start recording" when I leave the house etc.

I see that Google provide an IFTTT recipe for Assistant ("When I say... do this..."), which can be set to send HTTP commands. 

Looking at the docs for Motion, I see that motion detection (at least) can be enabled / disabled through HTTP commands.

However, for this to work, I'd need to expose the Pi running MEOS to the public internet (so IFTTT / Assistant can reach it to send the HTTP commands). 

This is the bit I'm nervous of...

Doing a bit of digging, MotionEye itself suggests using NGINX reverse proxy to make the system reachable on the web, which sounds like a solution. 

So...

1. Bearing in mind I only want to be able to send HTTP commands (not access cams etc) via the public internet, is this still the best way of doing it?
2. Do NGINX and the tutorial work with MotionEyeOS, as well as MotionEye?

Thanks for any assist! :) 



David Chew

May 30, 2018, 9:29:58 AM
to Charles Middleton, motioneye




--
David T. Chew

Mark Andrews

May 30, 2018, 10:29:52 AM
to motioneye
caveat - haven't used IFTTT + google assistant myself...

I believe you want to put your cameras / motioneye infrastructure behind a reverse proxy (I use nginx) and allow only HTTPS sessions from the outside (HTTP okay inside your network - e.g., my cameras only support HTTP connections; I can only send them commands via an HTTPS session to my externally facing Nginx reverse proxy).

You will set up your google assistant to make an HTTPS session - not HTTP - to nginx. Here is a link that looks like what you need to have a secure google assistant connection to your service: https://developers.google.com/actions/identity/oauth2-code-flow

Charles Middleton

May 31, 2018, 3:27:16 AM
to motioneye
Thanks Mark - so, sounds like NGINX is the way to go... 

With a reverse proxy like this - does NGINX sit immediately behind the router, running all devices on the network through the proxy, or just the device it's on - i.e. install NGINX on the PI running as a MEOS hub?

To leave my MEOS hub with as much resources as possible to do its camera / recording stuff, I want to install NGINX on another PI I have running - presumably I can "point the ports" at a different IP, i.e. the MEOS hub itself?

Not used a reverse proxy before - and though I can hack my way through installation, trying to get my head around its impacts on the network etc.

Charles Middleton

May 31, 2018, 3:30:08 AM
to motioneye
Thanks Dave - have looked at OH, HASS etc. Had a play with them in the past, certainly very powerful - and may end up going that way in the longer term. 

For the moment though, feels like overkill just to send HTTP to MEOS, but thanks for the input! :) 



Mark Andrews

May 31, 2018, 10:28:48 AM
to motioneye
Hi Charles,

Yes, you can run nginx on one pi behind the router, and have that pi pass commands to cameras / motioneye on the network. Nginx has a configuration file, and in this file you specify the target cameras. So, for example, say you have a pi running motioneye at 10.1.0.1, and 2 cameras at 10.1.0.2 and 10.1.0.3. You might have entries in your nginx config like this:

location /motioneye/ {
        proxy_pass http://10.1.0.1/;

location /camera1/ {
        proxy_pass http://10.1.0.2/;

location /camera2/ {
        proxy_pass http://10.1.0.3/;

Now, when you access your system from an outside browser using https, your nginx pi will forward the request to the motioneye / camera using http.

https://charles-network.org/motioneye    # you will get the motioneye web interface
https://charles-network.org/camera1        # you will get camera 1 web interface
https://charles-network.org/camera2       # you will get camera 2 web interface

Now, many home routers have a default reject policy, meaning you won't be able to connect to your devices until you configure the router. Say you want to do port forwarding on your devices using port 1234. You add a rule to your router that says "when someone tries to connect on port 1234, forward that to my nginx pi on port 443 (default https port)".
You would then connect from outside with a port specification:


This way, nobody can directly access your motioneye / cameras from outside; they must go through the nginx pi.

In some rare cases your home router may have a default accept policy. If so, you want to explicitly add rules to reject external connections to any device on your network except the nginx pi.

HTH, Mark
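
Added example, not part of Mark's post or the motionEye documentation: a proxy configuration for the narrower goal stated at the top of the thread, forwarding only "start / pause detection" commands and refusing everything else. The hostname and 10.1.0.1 come from the post above; port 7999, the /0/detection/... paths, the certificate paths, the log file and the htpasswd file are assumptions about the local setup.

```nginx
# Added example. Assumptions (not from the thread): Motion's web control
# is reachable from the proxy at 10.1.0.1:7999 and accepts
# /0/detection/start and /0/detection/pause; file paths are placeholders.
server {
    listen      443 ssl;
    server_name charles-network.org;

    ssl_certificate     /etc/ssl/PLACEHOLDER/fullchain.pem;
    ssl_certificate_key /etc/ssl/PLACEHOLDER/privkey.pem;

    # Set at server level, so both command locations below inherit it.
    auth_basic           "Commands only";
    auth_basic_user_file /etc/nginx/.htpasswd;

    # Keep a separate record of who triggered a command and when.
    access_log /var/log/nginx/motion-commands.log;

    # Exact-match locations: only these two URIs are ever forwarded.
    location = /detection/start {
        limit_except GET { deny all; }
        proxy_pass http://10.1.0.1:7999/0/detection/start;
    }

    location = /detection/pause {
        limit_except GET { deny all; }
        proxy_pass http://10.1.0.1:7999/0/detection/pause;
    }

    # The web interface, streams and camera pages are not proxied at all.
    location / {
        return 404;
    }
}
```

With this layout the camera web interfaces stay reachable only from inside the network, and the externally visible surface is two authenticated URLs.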

David Chew

May 31, 2018, 10:37:27 AM
to Charles Middleton, motioneye

There was some code on there that might help you do it remotely,

 

 

Charles Middleton

May 31, 2018, 11:23:04 AM
to motioneye
Wow - thanks for your help mate! 

I'll have a go over the weekend or so, and let you know how I get on :) 

Mark Andrews

May 31, 2018, 11:59:00 AM
to motioneye
Glad to help.

I missed closing quotes in the nginx config part of my earlier post - each should be of the form

location /motioneye/ {
        proxy_pass http://10.1.0.1/;
}

One more potential snag - home routers usually assign IP addresses to your devices using DHCP. Using DHCP, if you were to unplug a camera and later plug it back in, your camera might have a different IP address, and your config scripts would be broken. I recommend you change from DHCP to static addresses for your security system devices. The router should have settings to do this.

Good luck - looking forward to hearing how it goes.

Royce Osentowski

Aug 6, 2018, 8:43:30 PM
to motioneye
I really could use a little help as I am stuck and have been for days now, and this is more a me and nginx issue than anything (I believe). I got nginx up and running with HTTPS; I am now secure with password authentication for my openhab service. What I can't figure out now (and I have been searching and trying, but I just don't understand) is how to add my motionEyeOS server to the nginx server. I think it is mostly my lack of knowledge, but I saw what you posted and it is fairly close to what I want to accomplish. So if I go to example.com it launches openhab (which works currently), and then if I want to go to motionEyeOS it would be example.com/cameras/. I tried a few different things, but only one actually produced anything, and it was the MEOS site in text form. I have attached my sites-enabled config and then an example of the webpage load I received. Any help would be beyond greatly appreciated.

server {
    listen                          80;
    server_name                     example.com;
    return 301                      https://$server_name$request_uri;
}
server {
    listen                          443 ssl;
    server_name                     example.com;

    ssl_certificate                 /etc/letsencrypt/live/example.com/fullchain.pem; # or /etc/ssl/openhab.crt
    ssl_certificate_key             /etc/letsencrypt/live/example.com/privkey.pem;   # or /etc/ssl/openhab.key
    add_header                      Strict-Transport-Security "max-age=31536000"; # Remove if using self-signed and are having trouble.


    location / {
        proxy_pass                              http://10.0.0.100:8080/;
        proxy_set_header Host                   $http_host;
        proxy_set_header X-Real-IP              $remote_addr;
        proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto      $scheme;
        satisfy                                 any;
        allow                                   10.0.0.60;
        allow                                   10.0.0.20;
        allow                                   10.0.0.21;
        allow                                   10.0.0.15;
        allow                                   10.0.0.16;
        allow                                   127.0.0.1;
        deny                                    all;

##       change the normal "start" redirect directly to the basic ui;

##      Nginx Password Protection
        auth_basic                              "Username and Password Required";
        auth_basic_user_file                    /etc/nginx/.htpasswd;
    }

    location /cameras/ {
        proxy_pass http://10.0.0.50/;
        proxy_read_timeout 120s;
        access_log off;
    }

    #### When using Let's Encrypt Only ####
    location /.well-known/acme-challenge/ {
        root                                    /var/www/example.com;
    }
}
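
Added example, not part of the post above: in the posted server block, satisfy, allow/deny and auth_basic appear only inside "location /", and nginx does not carry directives from one location to a sibling, so requests to /cameras/ are forwarded to 10.0.0.50 without any check at the proxy. One way to cover every location is to declare the rules once at server level; all addresses and paths are taken from the posted config, and the openHAB proxy headers are omitted for brevity.

```nginx
# Added example based on the server block posted above.
# Only the placement of the access rules changes.
server {
    listen      443 ssl;
    server_name example.com;

    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # Declared once here, inherited by every location that does not
    # override them: a listed address OR a valid password is required.
    satisfy              any;
    allow                10.0.0.60;
    allow                10.0.0.20;
    allow                10.0.0.21;
    allow                10.0.0.15;
    allow                10.0.0.16;
    allow                127.0.0.1;
    deny                 all;
    auth_basic           "Username and Password Required";
    auth_basic_user_file /etc/nginx/.htpasswd;

    location / {
        proxy_pass http://10.0.0.100:8080/;
    }

    # No rules of its own, so the server-level ones now apply here too.
    location /cameras/ {
        proxy_pass http://10.0.0.50/;
        proxy_read_timeout 120s;
    }

    # Let's Encrypt must be able to fetch challenges without credentials,
    # so this location overrides the inherited rules.
    location /.well-known/acme-challenge/ {
        auth_basic off;
        allow      all;
        root       /var/www/example.com;
    }
}
```

Running nginx -t after the change confirms the syntax, and an unauthenticated request to /cameras/ from an address outside the allow list should now return 401.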






Royce Osentowski

Aug 8, 2018, 11:25:15 AM
to motioneye
OK, I got it figured out and solved. I was very close, as all my config was correct. My issue was actually not with nginx, but not setting a correct basepath in my MEOS system. I added /cameras to the basepath and it now works. I am beyond happy now! Hopefully this info will help someone in the future if they are setting up and having similar issues.