Secure Foscam Webcam with Audio Over https

Written by max on 2013-08-08

Overview

So you want to use a cheap IP camera as a baby cam, huh? A little shocked at how little security there is?

Especially after reading recent articles.

“Oh, wait! I can reverse proxy this using Apache!” you tell yourself. However, you soon learn that in doing so you lose audio capabilities.

Solution? Use stunnel instead of Apache to reverse proxy. Audio will still work over the Internet/4G using IP Cam Viewer for Android. Using an iPhone? Go ask Steve Jobs for advice.

Details

You will need to set up stunnel on a machine running 24/7 on the same network as your camera. You then forward a port on your router to this machine so it’s accessible from the Internet at large. If you do everything right, you will be exposing only the secure interface (https) to the world, and not the camera’s default interface.

Apache Reverse Proxy

Lots of people have detailed how to reverse proxy your IP camera using Apache. This is great, and it works great, except for the audio functions. Because the audio is done in some proprietary way using an IP socket, and is not HTTP, Apache can’t properly encapsulate it for https. However, if you don’t care about audio, this is still a great way to go.

Camera Setup

You need to fix your camera to an IP address. You have two options:

1. Tell your router to always assign the same IP address to the camera using DHCP.
2. Use a static IP address when setting up the camera.

Doing this is outside the scope of this document.

Stunnel

In the comments on bitsofinfo.wordpress.com, someone mentioned that stunnel would work. I first set it up and tried it with the app I had at the time, tinyCam Monitor Pro, but the audio would not work! The camera functions and video were working great though. I have since moved to IP Cam Viewer (above) as I mentioned.

I’m running Ubuntu, but you could be running any of Linux, OS X, or Windows and still be using stunnel. However, if you’re not running Linux I can’t help much.

This stunnel guide for Ubuntu helped me set it up.

Here is my stunnel.conf. Note that I’ve fixed my camera to the IP 192.168.0.170. Change this to match your network settings.

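; Run chrooted and drop privileges to the stunnel4 user
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
; PID file path is relative to the chroot
pid = /stunnel4.pid
; No separate key option, so certificate and private key are both read from this file
cert = /etc/stunnel/mail.pem
; Disable SSLv2 and use fresh (EC)DH keys for each handshake
options = NO_SSLv2
options = SINGLE_ECDH_USE
options = SINGLE_DH_USE

; Accept TLS on port 4445 and pass the decrypted traffic to the camera
[cam]
accept = 4445
connect = 192.168.0.170:80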

Yup, that’s it.

service stunnel4 restart
tail /var/log/syslog

Router Setup

You will need to have your router forward a port to your machine running stunnel. Setting this up is also outside the scope of the document. The port you chose in the step above is the port exposed to the outside world. Remember the IP address you put in the router is of the computer running stunnel, not the camera.
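One way to check the router rules against the stunnel.conf above, as an added example that is not part of the original post: it parses the service sections and flags any port forward that reaches the camera directly or lands on something other than the stunnel listener. The stunnel host address 192.168.0.10, the rule tuples and the function names are assumptions made for illustration.

```python
# Constructed sample input: the post's stunnel.conf, trimmed to the lines used here.
SAMPLE_CONF = """\
cert = /etc/stunnel/mail.pem
options = NO_SSLv2

[cam]
accept = 4445
connect = 192.168.0.170:80
"""

def parse_services(text):
    """Map each [service] name to its options; global options are skipped."""
    services, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":            # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value
    return services

def split_endpoint(value, default_host):
    """'4445' -> (default_host, 4445); '192.168.0.170:80' -> ('192.168.0.170', 80)."""
    host, _, port = value.rpartition(":")
    return (host or default_host, int(port))

def audit_forwards(conf_text, stunnel_host, forwards):
    """Check (wan_port, lan_ip, lan_port) router rules; return a list of findings."""
    services = list(parse_services(conf_text).values())
    tls = {split_endpoint(s["accept"], stunnel_host)[1] for s in services if "accept" in s}
    plain = {split_endpoint(s["connect"], "127.0.0.1") for s in services if "connect" in s}
    findings = []
    for wan_port, lan_ip, lan_port in forwards:
        target = f"WAN {wan_port} -> {lan_ip}:{lan_port}"
        if (lan_ip, lan_port) in plain:
            findings.append(f"{target} bypasses stunnel and exposes the plain backend")
        elif lan_ip != stunnel_host or lan_port not in tls:
            findings.append(f"{target} does not land on a stunnel TLS listener")
    return findings

if __name__ == "__main__":
    # Assumed values: stunnel host at 192.168.0.10 and two constructed router rules.
    rules = [(4445, "192.168.0.10", 4445), (8080, "192.168.0.170", 80)]
    for finding in audit_forwards(SAMPLE_CONF, "192.168.0.10", rules) or ["OK"]:
        print(finding)
```

An empty result means every forwarded port ends at a stunnel `accept` port on the stunnel machine.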

App Setup

Set up your app to point to the IP address of your router and the port you set up. If you’re on a dynamic DNS and have a Bind server at your disposal, see my post about hosting your own dyndns.