OpenALPR-Webhook is a self-hosted web application that accepts Rekor Scout™ POST data allowing longer data retention. It was designed with an emphasis on security to meet organization/business needs.
- 👉 Simple clean dashboard with statistics
- 👉 Custom unlimited alerts
- 👉 Notifications via email or SMS (Twilio)
- 👉 Customize report branding
- 👉 User management and roles
- 👉 Forced camera focus (Dahua IPCs)
- 👉 IPBan (fail2ban for Flask) with IPAbuseDB.com integration
- 👉 Webhook endpoint security
Worker management needs reimplementationCurrently working on this
- Manually requeuing jobs fail
- Updating vulnerable packages (Flask, requests, Werkzeug) fail.
- Cannot install flask-dance alongside other packages
- Gunicorn with more than one worker has issues with Worker Manager Server
Searching plates will only work if pagination position is on page 1
- Integrate Apprise
- Add something similar to DahuaSunriseSunset
- Enhance search functionality
- Add
- Direction
- Color
- From/To Date
- Camera
- Location
- License Plate Region
- Add
- Improve user management
- Add a password reset form for admins
- Add email notifications for new users
- Beautify email notifications with HTML
- View alerts publicly without authentication using a secure expirable routing method.
- Ability for admins to
- Export databases
- Export/import settings
- Add audit logs for each action
- Add support for 2FA/MFA
- Package application with briefcase
- Run/Debug Configuration
Install Redis server and start it.
Additionally, you can set Redis server to start automatically. See the Bare Server section- OpenALPR-Webhook
- Set the Script path to
<OpenALPR-Webhook>/app.py
- Parameters should be set to
--host=0.0.0.0 --port=8080
- Add
DEBUG=True
into Environment variables - Set the Working directory to
<OpenALPR-Webhook>
- Set the Script path to
- OpenALPR-Webhook
TBD
apt install build-essential python3 python3-dev python3.10-venv pip3 redis-server && systemctl enable redis-server && systemctl start redis-server
git clone /~https://github.com/mibs510/OpenALPR-Webhook
cd OpenALPR-Webhook
python3 -m venv ./venv
source ./venv/bin/activate
# Due to a dependency issue with flask-dance, flask-dance needs to be installed separately from all other packages
pip3 install flask-dance
pip3 install -r requirements.txt
./app.py --host=0.0.0.0 --port=8080
You will want to create a service file to automatically start OpenALPR-Webhook upon each reboot.
sudo nano /etc/systemd/system/oalpr-wh.service
[Unit]
Description=OpenALPR-Webhook
After=network.target
[Service]
User=user
WorkingDirectory=/home/user/OpenALPR-Webhook
ExecStart=/home/user/OpenALPR-Webhook/venv/bin/python3 /home/user/OpenALPR-Webhook/app.py --host=0.0.0.0 --port=8080
Restart=always
[Install]
WantedBy=multi-user.target
Be sure to modify User
, WorkingDirectory
, and ExecStart
.
⚠️ User
should not have root privileges without invoking sudo!
Then execute:
sudo systemctl daemon-reload
sudo systemctl enable oalpr-wh
sudo systemctl start oalpr-wh
Optional: journalctl -n 50 -f
- Head over to the URL of your server: http://OpenALPR-Webhook:8080
- You will be required to login. Click 'register' to create a super admin account.
- After creating a super admin account, the register link will throw an 'Access Denied' as a protective measure against unauthorized account creation.
- Accounts will need to be created manually by an administrator under Settings/Users.
- Refer to Settings/Profile section to begin accepting data.
# Log into OpenALPR-Webhook
# Go to Settings/Maintenance/App (http://OpenALPR-Webhook:8080/settings/maintenance/app) and Shutdown Worker Manager Server
# Shutdown web server
sudo systemctl stop oalpr-wh
# Go to the root directory of OpenALPR-Webhook
cd OpenALPR-Webhook
# Backup databases
mkdir apps/db.backup
cp apps/db/* apps/db.backup
# You should not need to reset, unless git complains about local files needing to be committed or stashed.
# To overwrite any changes to project files (excluding databases, logs, secrets, etc)
git reset --hard
# Get latest version of OpenALPR-Webhook
git pull
# Apply changes to the databases
flask db init --multidb
flask db migrate
flask db upgrade
# Start web server
sudo systemctl start oalpr-wh
The dashboard displays some simple statistics, recent alerts, and license plate captures.
Under Alerts/Custom Alerts, users can view alerts handled by OpenALPR-Webhook. Each user, including administrators and the super administrator, can only view their own custom alerts. Administrators and the super administrator can add other users as additional contacts to be notified when a match occurs.
Users can print a report by clicking on the print icon on the upper right hand corner. Printing also allows the report to be saved as a PDF.
To add a custom alert, go to Search->License Plates, click on the record, and then click on bell icon
Users have the ability to enable Match Region while adding a custom alert in Search->License Plates or
Enabling this will tell OpenALPR-Webhook to require a region match of the
license plate for it to send a notification. The non-matched record will still appear in the Past History section under
Alerts/Custom Alerts or Search/License Plates.
Rekor™ Scout alerts arrive from Rekor as alerts. You cannot modify the alert in OpenALPR-Webhook, to modify these alerts,
Note: The Vehicle Information section for each report contains specifications of the type of vehicle that includes make, model, year, and body type. OpenALPR-Webhook does not generate this data. This data is generated by Rekor Watchman Agent.
View and search license plates grouped with vehicle details.
This field displays the last four characters of the API key that was used to submit this record. This is useful for administrators to perform a reverse search of the user that is responsible for Rekor POSTing data.
View and search vehicles that did not have a license plate detected.
Available to administrators only.
Edit agent connection details here. These settings allow OpenALPR-Webhook to download high resolution images directly from the agent. Users are not allowed to delete or add agents manually. Agents are registered as new agents are discovered by OpenALPR-Webhook. Administrators can enable them after being registered for OpenALPR-Webhook to utilize.
Available to administrators only.
Similar to Settings/Agents. This section allows to specify connection details for each camera. These settings are used to forcefully focus and zoom a camera at a specified interval.
Available to administrators only.
These settings are used to rebrand generated reports using the print function.
An extended addon for
Suspend all POSTing to OpenALPR-Webhook.
Highly unrecommended. This allows anyone (or thing) to POST data into OpenALPR-Webhook. This is a security issue as it allows untrusted data into OpenALPR-Webhook.
The second-best option. This allows every user to POST data into OpenALPR-Webhook.
The default option. Only data from Rekor that contains an admin's API_KEY
is allowed to POST.
Specify the public URL used to access OpenALPR-Webhook. Although not used by OpenALPR-Webhook at the moment, certain features that are yet to be implemented will require a valid URL.
Available to administrators only.
The Worker Manager Server is responsible for spawning and terminating Redis workers as needed. One worker is spawned for every agent and camera that is enabled. This allows OpenALPR-Webhook to scale as needed without interruptions. Because Redis forks workers on the process level, the Worker Manager Server only runs on *nix systems.
Restart the server when experiencing issues with worker allocation. This will not restart the webserver.
Shutting down the server is essential when performing a soft restart on the webserver. This makes sure that no worker turns to a zombie.
These actions are not needed when performing a system reboot.
Available to administrators only.
A front end to Redis server(s). This was made possible with rq-dashboard. For each agent enabled, a worker is spawned and listens on the default queue. Unlike for agents, a worker is spawned for each enabled camera and listens to a queue named the ID of the camera.
View a list of queues with job status
View a list of jobs.
Note: It is advisable that no job, other than those of type download_plate_image()
, be re-queued.
View a list of workers, the current job, and its associated queues
Users can edit basic information about themselves such as name, website, email address, phone number, time zone, etc.
Each user has a unique API_KEY
. The API_KEY
key used to authorize Rekor Scout to POST data onto the webhook endpoint.
Administrators can set a global setting to limit which API_KEY
's can POST data. Refer to Settings/General.
To begin receiving data into OpenALPR-Webhook, copy your API_KEY
into Rekor Scout > Configuration > WebHooks Configuration > Add New Webhook > Custom Data
API_KEY: vvvvvvvv-wwww-xxxx-yyyy-zzzzzzzzzzzz
Be sure to fill in all other fields such as Destination URL, Description, check Send All Plate Reads, Send Matching Alerts, and Send Reads missing plate.
Available to administrators only.
Specify notification settings for Twilio and SMTP. Valid SMTP settings are required to reset user passwords in Settings/Users.
Available to administrators only.
Administrators can create users, edit users, change user roles, and suspend user accounts.
Once an account has been created, it cannot be deleted. This is to preserve accounts and their API tokens for audit
purposes (a feature yet to be implemented).
The super administrator account cannot be suspended.
The super administrator account cannot be demoted.
A valid SMTP server is required to reset passwords. A new generated password will be emailed to the user.
Click on the 'User+' icon located in upper right-hand corner to add a user.