I’d like to host this on the Ubuntu Linux box in my home office and put a camera in my living room. Would like to be able to monitor the camera from an iPhone, and have it auto record on motion detection.
For external access though, I don’t have a domain name registered, and I’d rather not have one. I’d be happy to access this just using my external IP address. But I don’t know how “static” the IP address from my ISP is. (My router gets it via DHCP, but I don’t know how long those leases are, or if it re-uses the same IP when renewing.)
Edit: Also what is a good camera to use? Seems like a lot of these cams require registration with some shady service and their own app to view them. Which means that all of that is running through their hosted service, which I am trying to avoid.
Did you just seriously recommend port forwarding to a NVR login? Even worse with a consumer grade router? With HTTPS,non Standard Port and a strong password as the only security tips?
Please,people,for the love of god: Don’t do that. Really. Don’t. This is really bad advice,sorry.
Unless you are very very sure that your NVR solution is impecable in terms of security (none are), you are 100% sure you stay up-to-date all the time (including reviewing updates for issues) and have additional measures like fail2ban, IDM/IDS,etc. in place this is a very bad idea. HTTPS is only helping in terms of password transmission/spoofing,which is an unlikely vector here, a non standard port doesn’t help one bit here(have a bit of fun with shodan and see yourself) and while a strong password helps it only helps if the auth of the system and the OS below itself is watertight - a hard task.
It is always a bad idea to port forward unless you really really cannot avoid it.
Use a VPN - as you said, wireguard.
I will agree that my advice is bad.
I myself run all my services over wireguard. But I run ssh natively though but with extra hardening (fail2ban/sshkey/no default port/max retries, etc). Plus my IP changes every 24 hours. However, I did learn how to setup online services and this can be a stepping stone.
If one is experimenting, exposing the port is fine (temporarily). But if someone is running a service 24/7 over the internet, and the person does not have any cyber security acumen, wireguard is the clear winner.