The more we know the harder it is to defeat us!

Here I describe how to set up secure video streaming using Raspberry Pi and a dedicated camera with UV4L. This post is written in tutorial–like form and the set–up presented here will be used in my other projects.

Retrieving video from camera is not that hard. For this you can use UV4L. It is an open source initiative which aims to deliver user space for real or virtual video input or video output (after UV4L project website). In other words, it will create a device inside /dev/ which can be directly accessed to get video from it. So let’s jump straight to installing the required software.

Installing UV4L

First, we need to add UV4L repository keys:

add project repositories to our local source list:

Now we can update local repository list and install necessary packages:

Starting server

To start UV4L you need to run following command:

Analogically to stop the server you can run following command:

Starting server at boot time

To facilitate management of UV4L we can start the UV4L service at boot. There are two ways of doing it. One is to modify rc.local file like this:

The other possibility is to use update-rc.d to start UV4L server at boot using udpate-rc.d. This is how you would do this:

Also do stop UV4L from starting at boot you would do something like this:

 

Enabling camera interface

There is also a preliminary step which has to be done before working with the camera. The camera interface has to be turned on. Unless it is already turned on you have to use raspi-config command, like this:

There you can navigate through the interface and set camera interface to Enabled. After that reboot RPi and you are good to go. I assume that the camera is already connected to the mini computer.

Accessing UV4L web server

Now, you can test if the UV4L is working properly. If you have installed uv4l-server then there is a small web server which will allow you to test UV4L installation. By default the server is working on port number 8080. To test the server you need to enter this URL address inside your browser:

RPI_LOCAL_IP:8080

if you are accessing RPi from local network at a different computer. The RPI_LOCAL_IP is IP address of Raspberry PI, probably but not limited to something like this 192.168.0.x.

or

localhost:8080

if you are running it on your Raspberry Pi. However, I recommend testing it on a different computer.

You should see something similar to:

what you are interested in are two tiles: “MJPEG/Stills stream” and “Control panel”. Let’s start with the later. If you click on the nice two gears you should see something like this:

You can set resolution of the video and some other parameters like brightness or rotation. In my case, I had to rotate the image because I have mounted the camera upside down. After saving the configuration go to MJPEG/Stills stream. There you will see a live stream from the camera. There is one thing worth noting, when you have live stream active, it is open on another tab in your browser, you will not be able to save the configuration. First you have to close the live stream, save configuration and then reopen the video tab.

The MJPEG/Stills stream is used to display live stream. What is nice about it is that you can use a direct URL for this http://localhost:8080/stream.

Securing UV4L

Since sharing live stream publicly is not necessarily a good idea we should do two things:

  • add some authorization, so people who do not know the password won’t be able to log into uv4l server and change something,
  • encrypt the connection itself, thus even if someone is sniffing your network, the traffic will be safe.

Let’s start with the first one. U4VL can have up to three predefined user types:

  • admin, this user can to everything, change parameters, start live stream, everything what UV4L is capable of,
  • config, he can change configuration file,
  • user, he can only start live stream without modifying the parameters.

The password is not stored in open form it is encrypted as md5 hash. To create a md5 hash you can use Python and those lines:

For example, hash for password ‘mysecretpassword’ will be ‘4cab2a2db6a3c31b01d804def28276e6’.

When you generate those three password you can edit the configuration file. It can be found under /etc/uv4l/uv4l-raspicam.conf. Inside this file you should find lines:

If there are commented out remove ‘#’ at the beginning of each line and substitute AAAAA, BBBBB, CCCCC with md5 hashes. Also alter this line

to

After restarting uv4l service the server will be protected. The next thing is to use HTTPS instead of HTTP to encrypt the traffic. This can be done by altering three lines:

First one says that HTTPS should be used and the last two are paths to SSL private key and certificate respectively. There are two ways of obtaining the certificate: you can generate a self-signed one but each web browser will warn about that saying that this kind of certificate is untrusty but it will work! You can generate it with following commands:

Generate and save CSR (Certificate Signing Authority), it will prompt you for passphrase to secure the private key which will be saved to privkey.pem.

Generate key for signing:

Generate certificate and key. The certificate will be valid for 100 days:

Copy certificate and private key:

The other option is to generate Letsencrypt certificate. It is as easy as this single line:

But it requires you to have registered domain EXAMPLE.COM. Also you should pass a valid email EMAIL@EXAMPLE.COM. Renewing a certificate is also very straightforward:

The certificates can be found under /etc/letsencrypt/live/EXAMPLE.COM/. You should be interested in files cert.pem and privkey.pem (remember to change its name to privkey.key to match the configuration in configuration file).

Additional configuration

To set up different port change following line

Default encoding, resolution and frame rate can be changed with those lines:

Some image parameters like sharpness, contrast, brightness and saturation can be adjusted with:

Also if you would like to rotate the image you can pass the number of degrees:

Or you can flip the image horizontally or vertically:

There are many more options. Just remember those are default parameters and can by changed with web interface!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Donate

If you like my blog please consider a small donation.

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 233 other subscribers