I’d like to host this on the Ubuntu Linux box in my home office and put a camera in my living room. Would like to be able to monitor the camera from an iPhone, and have it auto record on motion detection.

For external access though, I don’t have a domain name registered, and I’d rather not have one. I’d be happy to access this just using my external IP address. But I don’t know how “static” the IP address from my ISP is. (My router gets it via DHCP, but I don’t know how long those leases are, or if it re-uses the same IP when renewing.)

Edit: Also what is a good camera to use? Seems like a lot of these cams require registration with some shady service and their own app to view them. Which means that all of that is running through their hosted service, which I am trying to avoid.

  • xavier666@lemmy.umucat.dayEnglish
    61·
    3 days ago

    For external access though, I don’t have a domain name registered, and I’d rather not have one. I’d be happy to access this just using my external IP address. But I don’t know how “static” the IP address from my ISP is. (My router gets it via DHCP, but I don’t know how long those leases are, or if it re-uses the same IP when renewing.)

    Some routers have integration with dyndns or noip. You can get a free (disposable) domain. If you do the correct port forwarding to your camera’s application server, you can access your camera from outside. However, ensure you are using HTTPS, a strong password, and the server on a non-standard port.

    Pro-tip = Run wireguard to access everything securely.

    • philpo@feddit.orgEnglish
      31·
      2 days ago

      Did you just seriously recommend port forwarding to a NVR login? Even worse with a consumer grade router? With HTTPS,non Standard Port and a strong password as the only security tips?

      Please,people,for the love of god: Don’t do that. Really. Don’t. This is really bad advice,sorry.

      Unless you are very very sure that your NVR solution is impecable in terms of security (none are), you are 100% sure you stay up-to-date all the time (including reviewing updates for issues) and have additional measures like fail2ban, IDM/IDS,etc. in place this is a very bad idea. HTTPS is only helping in terms of password transmission/spoofing,which is an unlikely vector here, a non standard port doesn’t help one bit here(have a bit of fun with shodan and see yourself) and while a strong password helps it only helps if the auth of the system and the OS below itself is watertight - a hard task.

      It is always a bad idea to port forward unless you really really cannot avoid it.

      Use a VPN - as you said, wireguard.

      • xavier666@lemmy.umucat.dayEnglish
        1·
        2 days ago

        I will agree that my advice is bad.

        I myself run all my services over wireguard. But I run ssh natively though but with extra hardening (fail2ban/sshkey/no default port/max retries, etc). Plus my IP changes every 24 hours. However, I did learn how to setup online services and this can be a stepping stone.

        If one is experimenting, exposing the port is fine (temporarily). But if someone is running a service 24/7 over the internet, and the person does not have any cyber security acumen, wireguard is the clear winner.

      • xavier666@lemmy.umucat.dayEnglish
        2·
        2 days ago

        If you tell me what kind of hardware you have, i can direct you to the correct resource. I have done it for my TPLink router, which has support for noip.com. OpenWRT/OPNSense has dedicated plugins or it’s baked-in.