Run ZoneMinder in a CHROOTed environment

Spread the love Tokyo command chrootIn this post you will learn how to run  ZoneMinder at your VU+ Solo2 satellite receiver in a  CHROOTed environment to monitor your Foscam FI9805W webcam.

Meanwhile you are simply creating a LAMP (Linux/Apache/MySQL and PHP)-configuration at your VU+ Solo2 and even a building environment.

Steps in this tutorial

  1. Bootstrap a basic Debian system;
  2. Prepare CHROOTed-environment for ZoneMinder;
  3. Full installation of ZoneMinder

Bootstrap a basic Debian system

When you have finished this step, you have installed a basic Debian system at your satellite receiver.

Create a first stage Debootstrap directory at desktop computer

In this step you will create a first stage / foreign Debootstrap directory at your Debian based (Ubuntu is ok too) desktop/laptop computer.

First make sure the debootstrap package is installed at your desktop/laptop, next create the first stage debootstrap directory at: /tmp/chroot

Note 1: The command debootstrap is preceded with sudo, it is required to run debootstrap as root.

Note 2: The architecture at the VU+ Solo2 is MIPS architecture using a little endian byte order, therefore  MIPSel is used.

sudo apt-get install debootstrap
sudo debootstrap --arch=mipsel --foreign jessie /tmp/chroot

Transfer the debootstrap directory to the satellite receiver

Now you have to transfer this foreign debootstrap directory to the satellite receiver. After transfer, it will be available at: /media/hdd/opt/chroot

We will transfer the directory using TAR over SSH. Make sure that you replace [IP-address of satellite receiver] with the IP-address or fully qualified domain name (FQDN) of the satellite receiver.

Note: Here we assume that: SSH is running at the satellite receiver, it is possible to login as root and there is (enough) storage available at /media/hdd (harddisk) at the satellite receiver.  The command will create subdirectories itself.

cd /tmp/chroot
sudo tar cf - . | ssh root@[IP-address of satellite receiver] 'mkdir -p /media/hdd/opt/chroot; cd /media/hdd/opt/chroot; tar xf -'

Warning: Don’t use (recursive) SCP (secure copy) for this, because hard- or soft links won’t be duplicated. The link targets (plain text files) are copied instead by SCP.

Execute the second stage Debootstrap at the satellite receiver

To complete the installation of a basic Debian system at the satellite receiver you have to perform the following steps:

  1. Login at your satellite receiver as root using SSH or telnet. From now on, all the work will be done at the satellite receiver.
  2. Execute these commands at the satellite receiver which will start the second stage debootstrap :
    export MY_CHROOT="/media/hdd/opt/chroot"
    chroot ${MY_CHROOT} /debootstrap/debootstrap --verbose --second-stage

Prepare CHROOTed-environment for ZoneMinder

After this step your basic Debian system running in a CHROOTed-environment has been extended with packages needed to build and run ZoneMinder.

With chroot you change the root directory for the processes and childs you start using this command. These processes can’t access files (so also no commands) outside this chrooted-environment. This chrooted-environment is also called chroot jail.

Start the CHROOTed-environment

We will start the basic Debian system for the first time using chroot. It will run using it’s own root-directory which is: /media/hdd/opt/chroot

export MY_CHROOT=/media/hdd/opt/chroot
mount -t proc proc $MY_CHROOT/proc
mount -t sysfs sysfs $MY_CHROOT/sys
mount --bind /dev/pts $MY_CHROOT/dev/pts
cp /proc/mounts $MY_CHROOT/etc/mtab
cp /etc/resolv.conf $MY_CHROOT/etc/resolv.conf
chroot $MY_CHROOT /bin/bash

Update CHROOTed-environment

First set the correct rights on temporary files directory and shared memory directory:

chmod 777 /tmp
chmod 777 /dev/shm/

Next tell your Debian system where to find (security) updates. Create/update the file: /etc/apt/sources.list so it will read this:

deb jessie main contrib non-free
deb jessie-updates main contrib non-free
deb jessie/updates main contrib non-free

Finally update your basic Debian system with the latest updates:

apt-get update && apt-get upgrade

Install packages at your Debian system

In this step you will install the packages which are needed to build and run ZoneMinder.

Ignore warning/errors while installing Apache, it is possible that the TCP-port (80) is in use already. Later we will configure Apache so it will listen at another port.

When you are asked for the MySQL-root-password, enter a password and remember it!

Start installation by executing this command:

apt-get install mysql-server apache2 libapache2-mod-php5 php5-mysql perl build-essential automake autoconf libpolkit-gobject-1-dev libmysqlclient-dev libjpeg-dev libssl-dev libvlc-dev libdate-manip-perl libwww-perl libsys-mmap-perl libavcodec-dev libavdevice-dev libavutil-dev libbz2-dev libpcre3-dev libarchive-zip-perl libmime-tools-perl libmime-lite-perl libnet-sftp-foreign-perl libexpect-perl libdevice-serialport-perl

Configure Apache

As you saw in the previous step, Apache tries to listen/bind to port 80 which is in use (when you are running the web interface). So we let Apache listen at another port, besides of that we will only allow secure HTTP-connections (httpS), so we must enable the SSL-module of Apache. Finally we know that ZoneMinder needs Common Gateway Interface-support (CGI), let’s enable that too in this step.

First let Apache listen only to port 83 (and only when SSL is active. Change /etc/apache2/ports.conf so it will only contains these lines:

<IfModule ssl_module>
	Listen 83

Let the default httpS-virtual host listen at port 83. Change the line of /etc/apache2/sites-available/default-ssl.conf which reads:

<VirtualHost _default_:443>


<VirtualHost _default_:83>

Disable the default http-site and enable the default httpS-site:

rm /etc/apache2/sites-enabled/000-default.conf
ln -s /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/000-default-ssl.conf

Now enable the necessary Apache modules: SSL which depends on the Inter-Process Session Cache (socache_shmcb) and CGI:

# Enable SSL
ln -s /etc/apache2/mods-available/ssl.conf /etc/apache2/mods-enabled/ssl.conf
ln -s /etc/apache2/mods-available/ssl.load /etc/apache2/mods-enabled/ssl.load

# Must also activate Inter-Process Session Cache (socache_shmcb) dependency of SSL-module
ln -s /etc/apache2/mods-available/cache_socache.load /etc/apache2/mods-enabled/cache_socache.load
ln -s /etc/apache2/mods-available/cache.load /etc/apache2/mods-enabled/cache.load
ln -s /etc/apache2/mods-available/socache_shmcb.load /etc/apache2/mods-enabled/socache_shmcb.load

# Enable CGI
ln -s /etc/apache2/mods-available/cgi.load /etc/apache2/mods-enabled/cgi.load

Now Apache should start without problems. Execute this command at the prompt to test configuration / start Apache:

/etc/init.d/apache2 restart

Full installation of ZoneMinder

ZoneMinder will be build from source. To do the full installation you first have to download the sources, than build and install ZoneMinder. After that you have to provision MySQL with the basic ZoneMinder data and add a database user. Next you have to add some configuration to Apache and configure ZoneMinder. Finally you can start the services and use ZoneMinder.

Download ZoneMinder

In this step you download the source of ZoneMinder to a temporary location. You can find the latest download link at:

cd /tmp
wget --no-check-certificate "" -O - | tar zx

Build / install ZoneMinder

You are ready to build ZoneMinder. After that, ZoneMinder will be installed in directory: /opt/zm. The web documents (i.e. HTML-, image- and active content files) are installed into: /opt/zm/html and /opt/zm/cgi-bin directories.

cd /tmp/ZoneMinder-1.28.1
export ZM_SSL_LIB=openssl && ./configure --prefix=/opt/zm --with-webdir=/opt/zm/html --with-cgidir=/opt/zm/cgi-bin --with-webuser=www-data --with-webgroup=www-data
make install

 Note: ZoneMinder is configured, build and installed without X.10, FFMPEG and Cambozola (multipart JPEG streams viewer) support.

Provision MySQL with ZoneMinder data

In this step you will provision MySQL with the basic ZoneMinder data and create a ZoneMinder database user (zmuser) into MySQL.

mysql -u root -p < db/zm_create.sql
mysql -u root -p
mysql> grant select,insert,update,delete on zm.* to 'zmuser'@localhost identified by 'zmpass';
mysql> quit
mysqladmin -u root -p reload

Add ZoneMinder configuration to Apache

Here you create and activate the Apache configuration. Create a file: /opt/zm/etc/apache_configuration.conf containing this as content:

ScriptAlias /zm/cgi-bin "/opt/zm/cgi-bin"

<Directory "/opt/zm/cgi-bin">
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    AllowOverride None
    Require all granted

Alias /zm /opt/zm/html

<Directory /opt/zm/html>
  php_flag register_globals off
  Options Indexes FollowSymLinks
  AllowOverride None
  Require all granted
  <IfModule mod_dir.c>
   DirectoryIndex index.php

Enable this configuration in Apache:

ln -s /opt/zm/etc/apache_configuration.conf /etc/apache2/conf-enabled/zoneminder.conf
/etc/init.d/apache2 reload

Configure ZoneMinder

First we have to fix a Perl path. Perl is searching for ZoneMinder-modules at the wrong location. Maybe this error occurs because we installed not at the default location but at: /opt/zm (prefix-flag).

mkdir /opt/zm/share/perl
ln -s /opt/zm/share/perl5 /opt/zm/share/perl/5.20.2

Next we will update ZoneMinder configuration: Prefix web path to ZMS streaming server with: “/zm“,  authenticate user logins to ZoneMinder, don’t check with for updated versions and display mini-thumbnails of event images in event lists.

mysql -u root -p zm
mysql> UPDATE Config SET Value="/zm/cgi-bin/nph-zms" WHERE Name="ZM_PATH_ZMS";
mysql> UPDATE Config SET Value="1" WHERE Name="ZM_OPT_USE_AUTH";
mysql> UPDATE Config SET Value="0" WHERE Name="ZM_CHECK_FOR_UPDATES";
mysql> UPDATE Config SET Value="1" WHERE Name="ZM_WEB_LIST_THUMBS";

Start services

Now start the services ZoneMinder depends on: Apache2 (webserver) and MySQL (database) and finally start ZoneMinder itself.

/etc/init.d/apache2 start
/etc/init.d/mysql start
/opt/zm/bin/ start

After these steps it must be possible to access ZoneMinder via the webinterface.

Visit ZoneMinder webinterface

  1. https://[IP-address of satellite receiver]:83/zm/
  2. Let your browser accept the security certificate.
  3. Login using username: admin and password: admin

Add sample webcam

These steps will learn you how to add the Foscam FI9805W webcam as motion detecting camera assuming the username and password of the camera are both: ‘guest‘.

Please read for complete configuration and usage the documentation at the ZoneMinder-website.

  1. Click button: ‘Add New Monitor’.
  2. At tab-page ‘General
    • Select as ‘Source Type’: ‘Remote’
    • Select as ‘Reference Image Blend %ge’: ‘12,5% (Outdoor)’
  3. At tab-page ‘Source
    • Remote Host Name: The IP-address of your camera
    • Remote Host Port: The port at your camera (i.e. 88)
    • Remote Host Path:
    • Target Colorspace: ’32 bit colour’
    • Capture Width (pixels): ‘1280’
    • Capture Height (pixels): ‘960’
    • Press the ‘Save’ button
  4. Check logging by pressing ‘Log‘ link at ZoneMinder dashboard. During ‘warming-up’ of camera, it is possible you see this kind of errors, just ignore them:
    socket_sendto( /var/run/zm/zms-XXXXXs.sock ) failed: No such file or directory


  • To make it easier for you to start ZoneMinder the next time in the CHROOTed Debian environment, create this file:

    export MY_CHROOT="/media/hdd/opt/chroot"
    mount -t proc proc $MY_CHROOT/proc
    mount -t sysfs sysfs $MY_CHROOT/sys
    mount --bind /dev/pts $MY_CHROOT/dev/pts
    cp /proc/mounts $MY_CHROOT/etc/mtab
    cp /etc/resolv.conf $MY_CHROOT/etc/resolv.conf
    chroot $MY_CHROOT /etc/init.d/mysql restart
    chroot $MY_CHROOT /etc/init.d/apache2 restart
    chroot $MY_CHROOT /opt/zm/bin/ restart
  • It is possible you see these kind of messages in your logging:
    Can't open memory map file /dev/shm/zm.mmap.1, probably not enough space free: Permission denied
    Solve this by checking/changing permission of /dev/shm (the Apache user must be able to create/read file into this directory.

More information

Leave a comment