This Web page contains detailed instructions and commentary. I believe in explaining things to the greatest extent possible, so it might take you a while to read through the page. But please don't be scared; the actual work is pretty straightforward.
I have deliberately not included my e-mail address on this Web page. That's because I don't have the time to answer questions, especially questions from novices. I'm sorry about that, but it's the way things are. If you're not a novice and you just want to let me know about errors in the instructions, you should have no difficulty whatsoever in figuring out how to get in touch.
One of the nice features of the Canon 5D Mark IV is its wireless communications abilities. You can connect your camera to a smartphone or a computer, in a number of different ways. One of those is to use the ancient FTP protocol to upload pictures to a remote server. Pictures can be uploaded automatically every time you snap a shot, which is clearly a big win for journalists, sports photographers, and anyone who just wants their pictures to be backed up or published instantly.
Before we get into details, I'll note that there are other options besides FTP. In particular, you can use the Canon Image Gateway, or you can use commercial services. But if you want to use your own server (e.g. you don't trust Canon or you're a sysadmin at a large organization) then this page might be for you.
Canon makes great cameras, but as a software company it has many flaws. One is that it's amazingly Windows-centric. Their documentation on how to set up FTP servers offers a choice of no fewer than ten Windows versions (although sadly, not the current one) but no other operating systems. So if you run Linux (like me) or Mac OS, you're on your own.
Fortunately for you, I spent an enormous amount of time over the past ten months figuring out how to get the camera to talk to some open-source Web servers. This page tells you what to do. Of course, since I'm a Linux guy, the Mac instructions are sketchier. But a good Mac admin should be able to make things work.
Before I begin, a word about my intended audience. This Web page is written for people who have quite a bit of experience with system administration. In particular, you should be completely comfortable with the command line, creating user accounts, and installing software, and you should be perfectly happy editing configuration files. If you do all your system administration through a GUI, sorry, this page isn't for you. And I'm not going to tell you how to install the FTP servers; the procedure varies from system to system and you ought to be able to do it on your own.
I mentioned that FTP is an ancient protocol; in fact, it's one of the oldest on the Internet. (There is some evidence to suggest that it's THE oldest "real", i.e. useful, protocol.) That means it's a bit clumsy (they were still figuring out the best way to do things) and in its native form it's completely insecure. Fortunately the latter problem has been addressed by later changes to the protocol.
Your 5D4 offers a total of four ways to connect to an FTP server: anonymous/insecure, anonymous/secure, password/insecure, and password/secure. Only the last one is safe. "Anonymous" means that people can log into your server without providing a password; the problem with that is that the Bad People on the Internet will quickly find your computer (they regularly scan every computer in the world) and start bogging it down with pornography and malware. I'm serious: they're always looking for places to store their porn, and then they tell other people where to find it. So if you want lots of garbage, set up an anonymous FTP server.
"Insecure" means that the user name and password are sent over the Internet without encryption, which means anybody can read them. So even if you set up an account with a password, somebody can capture them off the network and then use that account to upload—what else—porn.
This page tells you how to set up a password/secure FTP server for the specific purpose of being able to connect your 5D Mark IV to it. If you want to use the server for more than that, it's up to you.
There appear to be three popular Linux FTP servers that can deal with the secure protocol: vsftpd (the "very secure FTP daemon"), Pure-FTPd, and ProFTPD. However, I wasn't able to get Pure-FTPd to work with the camera, so I'll ignore it from here on out. (If anybody figures out how, feel free to let me know and maybe I'll find time to update this page.)
Since I wanted the automation, I decided to go with ProFTPD. But I also got vsftpd to work and I include instructions here.
If you don't have openssl, install it first. You might want to create your SSL certificate right away because you may have to wait up to 12 hours before the camera will recognize it as valid. (The 5D4 has a bug that uses the local time zone rather than UTC to check the certificate).
Try to use an FTP server from your Linux distribution. If it adds an
ftp account of some sort, that's all to the good. You
can start it with
service or a
/etc/init.d. Mac people, you're on your own
here (although I would assume
launchd would be involved).
But don't start the server just yet.
If the distro didn't create an
ftp user, you might want
to do that now. Or not.
You'll need an account for your camera. I'm going to use
canon5d4 in this discussion, but don't call it
that or anything else easy to guess (like any first name). Make the
password good, following the usual rules (mix cases, insert some
special characters, make it over 8 characters). Remember that you'll
have to enter this password on your camera, which means there may be
some Canon-imposed limitations. I haven't explored what Canon does
and doesn't allow. But it's wise to choose a password you'll be able
to remember in the field.
The next thing you'll need to do is to create an SSL certificate; the
camera will use that to ensure that it's talking to your FTP server
rather than an imposter. You don't need to buy a certificate
from an outside vendor, which is nice because the vendors can charge
quite a bit and because they set it up so that you have to renew (and
pay) every year. Instead, you can use
openssl to create
a certificate of your own.
THIS IS CRITICAL! First a bit of background: every SSL certificate includes an expiration date. Despite being pretty savvy about security, I can't see any good reason (from a security standpoint) for certificates to expire. But expiration allows certificate vendors to keep charging you money…
For your camera, you don't really need the certificate to expire. So I recommend choosing a date far, far in the future. January 1st, 2400 would be about right, except for one CRITICAL CANON BUG that literally took me months of part-time work to track down: the 5D Mark IV has the Year 2038 bug. So your certificate can't expire later than January 19, 2038. Actually, because of a secondary bug (the camera uses local time instead of UTC), I recommend going no later than January 17, 2038.
That wouldn't be painful except that when
openssl makes a
certificate, you don't specify the expiration date as such. Instead,
you have to give the number of days from now (the day you make the
certificate) until it expires. Sigh. So your first step is to go to
a handy days-between-dates
calculator. Choose "today" as the start date, and "01/15/2038" as the
end. (Or 1/17 if you're feeling brave, but are those two extra days
in 2038 really worth the risk of hassle?)
Now that you have the correct number, make a directory that will hold
your certificate. Since I'm using ProFTPD, which uses
/etc/proftpd for its configuration files, I put it in
/etc/proftp/ssl. Make sure that the directory is
root and is mode 777, or rwx------.
For vsftpd, my distro didn't have a configuration directory so I used
/etc/ssl/private. That would work fine for ProFTPD too,
if you prefer that.
Strictly speaking, this step probably isn't necessary (I got the
camera to work without it). But my interpretation of various
documentation is that you should create your certificate with a few
special SSL extensions. So edit
add the following lines at the bottom:
##################################################################### [ eos5d4 ] # These are used to create an FTP certificate acceptable to a # Canon EOS 5D Mark IV camera. keyUsage = keyEncipherment, dataEncipherment extendedKeyUsage = serverAuth
You can just copy-and-paste them, no customization needed. If you're
too lazy to do this step, just omit
-extensions eos5d4 below.
Once you've made a directory for the certificate and secured it, change
into it (continuing to work as
root) and make your
certificate with this command:
openssl req -new -x509 -nodes -newkey rsa:2048 -keyout
proftpd.key -out proftpd.pem -days days
(twice) if you're using vsftpd. Not that it really matters; you could
use any file name as long as your other configuration matched.
When you make the certificate,
openssl will ask you a lot
of questions such as your country, state or province, etc. Answer
them as you please; it doesn't really matter (I chose to be
accurate). Enter "." if you want the answer to be empty. You can run
the command again if you decide you don't like what you typed.
Once you've created the certificate, you can check it with this command:
openssl x509 -in /etc/proftpd/ssl/proftpd.pem -text
which will produce a lot of output, but buried near the top will be the expiration date. Make sure it's absolutely no later than 3 PM on January 18, 2038. Otherwise your camera will reject it (at least in some time zones).
The next step is to configure the FTP daemon itself. That's complex enough that I've created two separate pages for ProFTPD configuration and vsftpd configuration.
After you've configured the FTP server, you would probably like to test it out before trying to get the camera to connect. I only have one option for you here: lftp. (There are probably others, but I haven't tested them.)
First, start the server. Doing so depends on your system: common
systemctl start proftpd,
service proftpd start,
rcproftpd start, or
/etc/init.d/proftpd start (replacing proftpd with vsftpd
To test with lftp, I used:
lftp -u canon5d4
-e 'set ssl:verify-certificate false' ftp-server
where canon5d4 should be replaced by the name of the user account you created for your camera and ftp-server is the DNS name of (surprise) your server.
You will be asked for a password and then given a prompt that looks like this:
At the prompt, type "
ls" (list files) and hit enter. If
you get a file list, or no output except another prompt. If you get
"Login incorrect" or other errors, now is the time to debug the
problem. You can enable debugging in lftp by running it like this:
lftp -u canon5d4
-e 'debug;set ssl:verify-certificate false' ftp-server
…and you can turn on debugging on the server side by editing the proftpd or vsftpd configuration file and restarting the server.
You're now ready to set up the camera. The Canon documentation isn't bad, all things considered, but in places it's not very helpful. So here's a step-by-step procedure. But first, a warning, a whine, and a suggestion.
There are two parts to connecting the camera to an FTP server: you need to connect to a local wireless network, and then you need to tell the camera about the FTP server itself. Those two things are COMPLETELY independent: you can connect to the server from any wireless network, and from any given network you can connect to any server. Unfortunately, Canon conflates the two. A particular setup includes both the wireless network and the server. Wanna connect to a different server from the same network? A different setup is needed. Want to always use the same server, but from several networks? Different setups. And to make matters MUCH worse, the camera only supports three setups, total. At least you're allowed to give them names.
I chose to define one setup for my most-used network, a second for my phone hotspot (gotta watch out for data limits on that one), and to then leave the third for connecting to whatever network is nearby at the moment, realizing that I will have to reconfigure all the time. Sigh.
The first thing you need to do is to load a "root certificate" on your
camera. This is the certificate you made with openssl above. On your
computer, copy the
file to a flash card (CF or SD), naming it
placing it in the root (top-level) folder of the card. Unmount
(eject) the card from your computer, put it in the camera, and:
The above is a one-time process; you shouldn't have to do it again.
As I mentioned above, you need to set up separately for every combination of wireless network and FTP server. You'll probably get pretty good at this.
prizewinners.natgeo.com(I made that up; it doesn't exist). You can also use a numeric IP address if you prefer. (Hint: you can use the big dial on the back, plus the 8-way multicontroller, to type more quickly. But it's still a pain.)
A/DCIM/100EOS5D", which is annoying.
Whew! But at least you're connected!
It's not really clarified in the Canon manual, but you can disconnect from the WiFi network by choosing "Communication settings" (Tools, tab 4), "Built-in wireless settings", "Wi-Fi function", and "Disconnect,exit". That will save power when you don't need WiFi.
You can then reconnect by selecting "Communication settings", "Built-in wireless settings", "Wi-Fi function", and "Transfer images to FTP server". Pick your settings (out of three) under "Choose set." and then select "Connect". Yay!
After all that setup, you're finally ready to actually upload pictures to your FTP server. Start with "Communication settings" (Tools, tab 4, remember?) and pick "FTP transfer settings". The top three menu items give you some cool choices:
You are now all set with FTP service! Connect to your server, turn on automatic transfer, and take a picture. It should magically appear on the server. Turn automatic transfer off, take another, and use the SET button to send it. (I have way too many pictures of my kitchen at this point…)
The last thing you need to do is to make sure the FTP server is always
running, even after you reboot your computer. This unfortunately
depends on your distro. On many systems, the command is
systemctl enable proftpd" (or
appropriate). Other machines use "
on". Still others use other commands, which I'd be happy to be
informed of. Hopefully you know enough about system administration to
figure out what will work for your distribution.
A cool thing about ProFTPD is that there are a couple of ways you can use it to automatically respond to image uploads. One of those is to automatically execute a program every time a file is uploaded; another is to write the name of the uploaded file to a FIFO and let another program read that name and take an appropriate action.
In both cases, there are EXTREME security risks. If the program has bugs of any sort, it is likely that there is a security hold that would allow an attacker to crash your FTP server, upload unwanted files (porn), or take it over completely.
For that reason, I am not going to give sample programs here. Instead, I will merely note the kind of things that can be done. In my case, when I shoot a picture it will be rotated to standard orientation, renamed according to my standard naming scheme, and added to my Web site as part of a collection of the day's pictures. The details of how this is accomplished are specific to how my Web site works and wouldn't be useful to anyone else, but the summary should give you an idea of the sort of thing that's possible with Linux, ProFTPD, and the Canon 5D Mark IV.