Enabling HTTPS on your Debian or Raspi server

HTTPS on Raspi Server

Because of the underlying framework (Django, Channels, and Daphne), the CAM-AI server cannot serve HTTPS itself. To open the web server to the internet (beyond your home network, where it sits safely behind your router's firewall), you need to add another layer that provides HTTPS on the Raspi server. We will use nginx as a reverse proxy for this purpose.

We assume that the server was installed following these instructions and was put into autostart mode following these instructions. We further assume that you have an external internet domain pointing to your router and that the router forwards ports 80, 8000, and 10443 to the Raspi running the CAM-AI system. In this tutorial, we will use the example domain mydomain.org; please replace it with your actual domain.

Now you're ready to get started! Log into your Raspi as user cam_ai:

ssh cam_ai@cam-ai-raspi

First, install nginx:

sudo apt install nginx

Then we create an nginx configuration file for our web server:

sudo nano /etc/nginx/sites-available/mydomain.org

We fill the file with this content:

# Plain HTTP on port 8000: redirect everything to HTTPS on port 10443
server {
    listen 8000;
    server_name mydomain.org;
    return 301 https://$server_name:10443$request_uri;
}

# HTTPS endpoint: terminates TLS and proxies to the CAM-AI server
server {
    client_max_body_size 100M;
    listen 10443 ssl;
    server_name mydomain.org;
    ssl_certificate /etc/letsencrypt/live/mydomain.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mydomain.org/privkey.pem;
    access_log /var/log/nginx/mydomain.org.access.log combined;
    error_log /var/log/nginx/mydomain.org.error.log info;

    # Only reachable through internal redirects, never directly by a client
    location /protected/ {
        internal;
        alias /home/cam_ai/temp/;
    }

    # Forward requests (including WebSocket upgrades) to the local CAM-AI server
    location / {
        proxy_pass http://127.0.0.1:8888;
        proxy_http_version 1.1;
        proxy_force_ranges on;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
    }
}

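Remember to replace all occurrences of mydomain.org with your real domain. Save and close Nano. Then enable the site by linking it into sites-enabled:

sudo ln -s /etc/nginx/sites-available/mydomain.org /etc/nginx/sites-enabled/

Next, open the file passwords.py of your CAM-AI installation:

nano ~/cam-ai/camai/passwords.py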

Find the line that starts with “mydomain”, and replace it with this one:

mydomain = 'mydomain.org'

Find the line that starts with “httpsport”, and replace it with this one:

httpsport = '10443'

Save and close Nano. Last, we install certbot, the Let's Encrypt client, to generate the needed SSL certificates:

sudo apt install certbot python3-certbot-nginx

Then we run it to generate the certificates. Ensure that port 80 is open on your Raspberry Pi; nginx is stopped during this step because certbot's standalone mode needs to listen on port 80 itself:

sudo systemctl stop nginx
sudo certbot certonly --rsa-key-size 2048 --standalone --agree-tos -d mydomain.org
sudo systemctl start nginx

Open the certbot renewal configuration file for your domain:

sudo nano /etc/letsencrypt/renewal/mydomain.org.conf

Again: Remember to replace all occurrences of mydomain.org with your real domain. Find the line:

authenticator = standalone

Replace it with:

authenticator = nginx

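Save and close Nano. Port 8000 is now taken by nginx, so the CAM-AI server has to move to port 8888, where nginx's proxy_pass expects it. Open the service description file: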

nano ~/bashes/start-c_server-service.sh

Find the line:

python manage.py runserver 0.0.0.0:8000 --noreload

Replace it with:

python manage.py runserver 0.0.0.0:8888 --noreload

Save and close Nano. Reboot the server and you are done.
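A post-setup check for the steps above, added here as an example and not part of the CAM-AI project: it reads `ss -ltn` output to report how ports 8000, 10443 and 8888 are bound, and reads the authenticator from the certbot renewal file. The function names and sample data are constructed; with `runserver 0.0.0.0:8888` the backend still answers plain HTTP on the local network, which the check reports as exposed.

```shell
#!/bin/sh
# Added example, not part of the CAM-AI project. Function names and all
# sample data below are constructed for illustration.

# Print the authenticator configured in a certbot renewal file ($1).
renewal_authenticator() {
    sed -n 's/^[[:space:]]*authenticator[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1
}

# Classify how TCP port $1 is bound, reading `ss -ltn` output on stdin:
#   exposed  = bound to a non-loopback address (reachable from the network)
#   loopback = bound to 127.0.0.0/8 or ::1 only
#   closed   = no listener
port_exposure() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, part, ":")
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") lo = 1; else wide = 1
        }
        END { print (wide ? "exposed" : (lo ? "loopback" : "closed")) }'
}

# Constructed `ss -ltn` output for the setup described on this page.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511          0.0.0.0:8000       0.0.0.0:*
LISTEN 0      511          0.0.0.0:10443      0.0.0.0:*
LISTEN 0      128          0.0.0.0:8888       0.0.0.0:*'

# Report every port this tutorial touches, plus the renewal authenticator.
report() {   # $1 = ss output, $2 = renewal config path
    for p in 8000 10443 8888; do
        echo "port $p: $(printf '%s\n' "$1" | port_exposure "$p")"
    done
    echo "renewal authenticator: $(renewal_authenticator "$2")"
}

# Demo on constructed data; on the server, pass "$(ss -ltn)" and
# /etc/letsencrypt/renewal/mydomain.org.conf instead.
demo_conf=$(mktemp)
printf '[renewalparams]\nauthenticator = nginx\n' > "$demo_conf"
report "$SAMPLE_SS" "$demo_conf"
rm -f "$demo_conf"
```

On the server, `sudo nginx -t` and `sudo certbot renew --dry-run` complement this by validating the nginx configuration and the renewal path.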
