=====How to install=====
https://wiki.zoneminder.com/Debian_10_Buster_with_Zoneminder_1.34.x_from_ZM_Repo#Zoneminder_1.34.x_on_Buster_LEMP_.28NGNIX.2C_Mariadb.2C_PHP.29

  sudo apt install nginx mariadb-server php-fpm php-mysql fcgiwrap
  sudo apt install apt-transport-https gnupg
  sudo mysql_secure_installation
  # Read, but basicly say Yes to everything
  sudo systemctl restart mysql
  
  sudo vim /etc/php/7.3/fpm/php.ini
Locate cgi.fix_pathinfo=1 and change to 0 and un-comment the line:
  cgi.fix_pathinfo=0 
  sudo systemctl restart php7.3-fpm
  sudo vim /etc/apt/sources.list.d/zoneminder.list
Add the following line to the end of the file
  deb https://zmrepo.zoneminder.com/debian/release-1.34 buster/ 
or
  deb https://zmrepo.zoneminder.com/debian/release-1.36 buster/ 
    
  wget -O - https://zmrepo.zoneminder.com/debian/archive-keyring.gpg | sudo apt-key add -
  sudo apt update
  sudo apt install zoneminder
Change the ZM_PATH_ZMS in the 01-system-paths.conf file to /cgi-bin/nph-zms by dropping the /zm/ 
  sudo vim /etc/zm/conf.d/01-system-paths.conf
  sudo systemctl enable zoneminder
  sudo systemctl restart zoneminder
Edit the Ngnix default configuration.
  sudo vim /etc/nginx/sites-available/default
Locate the line "index index.html index.htm index.nginx-debian.html;" and add index.php
  index index.php index.html index.htm index.nginx-debian.html;
In the "server" section after listen [::] :80 default_Server; add
  include /etc/nginx/zoneminder.conf;
Create a Zoneminder conf file
  sudo vim /etc/nginx/zoneminder.conf
Enter the following into the zoneminder.conf file (This file was improved by databoy2k)
<sxh bash; gutter: false>
location /cgi-bin {
auth_basic off;
        alias /usr/lib/zoneminder/cgi-bin;     
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $request_filename;
        fastcgi_param HTTP_PROXY "";
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
}
location /zm/cache {
auth_basic off;
        alias /var/cache/zoneminder/cache;
}
location ~ /zm/api/(css|img|ico) {
auth_basic off;
        rewrite ^/zm/api(.+)$ /api/app/webroot/$1 break;
        try_files $uri $uri/ =404;
}
location /zm {
auth_basic off;
        alias /usr/share/zoneminder/www;
        try_files $uri $uri/ /index.php?$args =404;    
        location /zm/api {
auth_basic off;
                rewrite ^/zm/api(.+)$ /zm/api/app/webroot/index.php?p=$1 last;
         }
                location ~ \.php$ {
                auth_basic off;
                        include fastcgi_params;
                        fastcgi_param SCRIPT_FILENAME $request_filename;
                        fastcgi_param HTTP_PROXY "";
                fastcgi_index index.php;
                        fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
        }
    }
</sxh>
  sudo systemctl restart nginx.service
If it does not exist create
  sudo vim /etc/default/fcgiwrap
and insert (with the number of children -c equal to the number of cameras) Note that you may need to have this value larger than the number if cameras. In my case I run "camera walls" from a custom web page that accesses the Zoneminder monitors. I have needed to increase the -c to include the number of cameras in the camera wall web pages.
  DAEMON_OPTS=-c 17

  sudo systemctl restart fcgiwrap

=====How to setup cameras=====
[[http://onlinetechadvice.blogspot.com/2014/04/hikvision-ds-2cd2032-i-working-in.html?m=1#comment-form]]

  * Create a new monitor and choose source as ffmpeg
  * Click on source tab, add [[rtsp://username:password@192.168.1.120:554/cam/realmonitor?channel=1&subtype=0?tcp]] to the source(change your IP as necessary on your network, and your username and password.
  * Colors is 24 bit, Width is 1920, Height is 1080(I choose 1080P mode instead of 3MP), Click save and it should now work.

[[https://forums.zoneminder.com/viewtopic.php?t=25766]]

It turns out, this is better:
[[rtsp://username:password@192.168.1.120:554//Streaming/Channels/1]]

=====Enable ssl=====
[[http://www.overworkeditguy.com/2017/07/basic-security-with-zoneminder.html]]

First, activate the HTTPS / ssl handler for Apache (Ubuntu includes it in the default "LAMP" install, it just needs to be activated):
  sudo a2enmod ssl
  sudo service apache2 restart
Next, we'll create the place to store the certificates, as well as the self signed certificate itself:
  sudo mkdir /etc/apache2/ssl
  sudo openssl req -x509 -nodes -days 3065 -newkey rsa:2048 -keyout /etc/apache2/ssl/zm.key -out /etc/apache2/ssl/zm.crt
Fill in the form with the obvious information
For "Common Name", put in the IP address of the server or the fully qualified domain name if you have one (ie: zoneminder.mydomain.com)
Now that we have the required certificate, we can configure Apache to talk HTTPS:

Edit /etc/apache2/sites-available/default-ssl.conf with your favorite editor (nano, vim, etc)
  Change SSLCertificateFile to: /etc/apache2/ssl/zm.crt
  Change SSLCertificateKeyFile to: /etc/apache2/ssl/zm.key
Lastly, put the new HTTPS / ssl configuration in place and restart Apache:
  sudo a2ensite default-ssl.conf
  sudo service apache2 restart
Now open a browser and try to go to the server using HTTPS.  For example, https://192.168.0.100/zm .  You will get a security warning about an invalid certificate.  This is because it's a self signed certificate as opposed to one signed by a trusted 3rd party.  You can accept this warning and continue.

=====Error checking=====
====Change log location====
Debian (From Versions 8) stores zoneminder log messages in /var/log/syslog and /var/log/messages mixed with the other log records of the OS.

If you want to have only zoneminder logs, apart from the other log messages, in dedicated log files, you will have to change the configuration of /etc/rsyslog.conf and add specific statements for Zoneminder.

  * Create configuration file in /etc/rsyslog.d (all configuration files from this directory will be included in /etc/rsyslog.conf):
  #touch /etc/rsyslog.d/zm.conf
  * Edit /etc/rsyslog.d/zm. conf, add the code below:
<sxh bash; gutter: false>
#zoneminder rules

########################################################################

# Send Zoneminder messages in files located in /var/log/zm:

# All messages
:programname, contains, "zm" /var/log/zm/zmall

#Specific Messages generated by different components of Zoneminder:

#Analysis Daemon
:programname, contains, "zma" /var/log/zm/zma

#Capture Daemon
:programname, contains, "zmc" /var/log/zm/zmc

#Zoneminder Daemon Control Script
:programname, contains, "zdmc" /var/log/zm/zdmc

#Filter Component
:programname, contains, "zmfilter" /var/log/zm/zmfilter

#Audit Component
:programname, contains, "zmaudit" /var/log/zm/zmaudit

########################################################################

########################################################################
#Custom logs

# You may add custom logs by using the filtering by program name statements.
# For example, if you want to log the messages of "Monitor 3", add:
#:programname, contains, "_m3" /var/log/zm/monitor-3

########################################################################

########################################################################

#Discard Zoneminder messages after being written in the files above
#so that they do not end in the /var/log/syslog and /var/log/messages:

# - this is deprecated in Debian 8, but may work in previous versions- :programname, contains, "zm" ~
:programname, contains, "zm" stop

########################################################################
</sxh>
Save the file.

  * Restart syslog daemon
  #systemctl restart rsyslog.service
Zoneminder logs will be generated as defined in the above file.

====Maria DB does not start====
===Currupt Table===
  Cannot read first page of './zm/Logs.ibd' I/O error
This did NOT fix my issue:
  sudo chown mysql:mysql /var/lib/mysql/zm/Logs.frm
  sudo chown mysql:mysql /var/lib/mysql/zm/Logs.idb

So I tried this: 
[[https://iserversupport.com/recover-crashed-innodb-tables-on-mysql-database-server/]]

  sudo cp -rf /var/lib/mysql  /var/lib/mysql_backup_data
  sudo vim /etc/mysql/mariadb.conf.d/50-server.cnf 

  innodb_force_recovery = 1

===Backup DB===
  sudo mysqldump -uroot -p zm > zm_backup.sql

===Restore DB===
  mysql -uroot -p

  drop database zm;
  create database zm;
  GRANT ALL PRIVILEGES ON zm.* TO 'zmuser'@'localhost' WITH GRANT OPTION;
  FLUSH PRIVILEGES ;
  exit;

===Reset root password===
  sudo systemctl stop mariadb
  sudo mysqld_safe --skip-grant-tables &
Reconnect to the MariaDB server with the MariaDB root account:
  mysql -u root
Use the following commands to reset root’s password. Replace password with a strong password:
  use mysql;
  update user SET PASSWORD=PASSWORD("password") WHERE USER='root';
  flush privileges;
  exit
Then kill all open mariadb or mysql running processes:
  sudo ps -ef | grep mysql

Then restart MariaDB:
  sudo systemctl start mariadb