This Web page contains detailed instructions and commentary. I believe in explaining things to the greatest extent possible, so it might take you a while to read through the page. But please don't be scared; the actual work is pretty straightforward.
I have deliberately not included my e-mail address on this Web page. That's because I don't have the time to answer questions, especially questions from novices. I'm sorry about that, but it's the way things are. If you're not a novice and you just want to let me know about errors in the instructions, you should have no difficulty whatsoever in figuring out how to get in touch.
One of the nice features of the Canon 5D Mark IV is its wireless communications abilities. You can connect your camera to a smartphone or a computer, in a number of different ways. One of those is to use the ancient FTP protocol to upload pictures to a remote server. Pictures can be uploaded automatically every time you snap a shot, which is clearly a big win for journalists, sports photographers, and anyone who just wants their pictures to be backed up or published instantly.
Before we get into details, I'll note that there are other options besides FTP. In particular, you can use the Canon Image Gateway, or you can use commercial services. But if you want to use your own server (e.g. you don't trust Canon or you're a sysadmin at a large organization) then this page might be for you.
Canon makes great cameras, but as a software company it has many flaws. One is that it's amazingly Windows-centric. Their documentation on how to set up FTP servers offers a choice of no fewer than ten Windows versions (although sadly, not the current one) but no other operating systems. So if you run Linux (like me) or Mac OS, you're on your own.
Fortunately for you, I spent an enormous amount of time over the past ten months figuring out how to get the camera to talk to some open-source Web servers. This page tells you what to do. Of course, since I'm a Linux guy, the Mac instructions are sketchier. But a good Mac admin should be able to make things work.
Before I begin, a word about my intended audience. This Web page is written for people who have quite a bit of experience with system administration. In particular, you should be completely comfortable with the command line, creating user accounts, and installing software, and you should be perfectly happy editing configuration files. If you do all your system administration through a GUI, sorry, this page isn't for you. And I'm not going to tell you how to install the FTP servers; the procedure varies from system to system and you ought to be able to do it on your own.
I mentioned that FTP is an ancient protocol; in fact, it's one of the oldest on the Internet. (There is some evidence to suggest that it's THE oldest "real", i.e. useful, protocol.) That means it's a bit clumsy (they were still figuring out the best way to do things) and in its native form it's completely insecure. Fortunately the latter problem has been addressed by later changes to the protocol.
Your 5D4 offers a total of four ways to connect to an FTP server: anonymous/insecure, anonymous/secure, password/insecure, and password/secure. Only the last one is safe. "Anonymous" means that people can log into your server without providing a password; the problem with that is that the Bad People on the Internet will quickly find your computer (they regularly scan every computer in the world) and start bogging it down with pornography and malware. I'm serious: they're always looking for places to store their porn, and then they tell other people where to find it. So if you want lots of garbage, set up an anonymous FTP server.
"Insecure" means that the user name and password are sent over the Internet without encryption, which means anybody can read them. So even if you set up an account with a password, somebody can capture them off the network and then use that account to upload—what else—porn.
This page tells you how to set up a password/secure FTP server for the specific purpose of being able to connect your 5D Mark IV to it. If you want to use the server for more than that, it's up to you.
There appear to be three popular Linux FTP servers that can deal with the secure protocol: vsftpd (the "very secure FTP daemon"), Pure-FTPd, and ProFTPD. However, I wasn't able to get Pure-FTPd to work with the camera, so I'll ignore it from here on out. (If anybody figures out how, feel free to let me know and maybe I'll find time to update this page.)
Since I wanted the automation, I decided to go with ProFTPD. But I also got vsftpd to work and I include instructions here.
If you don't have openssl, install it first. You might want to create your SSL certificate right away because you may have to wait up to 12 hours before the camera will recognize it as valid. (The 5D4 has a bug that uses the local time zone rather than UTC to check the certificate.)
Try to use an FTP server from your Linux distribution. If it adds an ftp account of some sort, that's all to the good. You can start it with systemctl or service or a script from /etc/init.d. Mac people, you're on your own here (although I would assume launchd would be involved). But don't start the server just yet.
If the distro didn't create an ftp user, you might want to do that now. Or not.
You'll need an account for your camera. I'm going to use canon5d4 in this discussion, but don't call it that or anything else easy to guess (like any first name). Make the password good, following the usual rules (mix cases, insert some special characters, make it over 8 characters). Remember that you'll have to enter this password on your camera, which means there may be some Canon-imposed limitations. I haven't explored what Canon does and doesn't allow. But it's wise to choose a password you'll be able to remember in the field.
The next thing you'll need to do is to create an SSL certificate; the camera will use that to ensure that it's talking to your FTP server rather than an imposter. You don't need to buy a certificate from an outside vendor, which is nice because the vendors can charge quite a bit and because they set it up so that you have to renew (and pay) every year. Instead, you can use openssl to create a certificate of your own.
THIS IS CRITICAL! First a bit of background: every SSL certificate includes an expiration date. Previous versions of this page suggested that you use a very long expiration so that you wouldn't have to recreate your certificate every so often. However, the Security Powers That Be have now decreed that no certificate should last longer than 13 months (I've seen times of 396 and 397 days). Their reasons are fairly sensible, although they don't really apply to this particular situation. But at least with proftpd and firmware version 1.4, you don't get a choice: they'll reject long-lived certificates. So I now recommend that you just give up and plan to renew your certificates every year. My sample below uses 390 days to be safe.
Now that you have the correct number, make a directory that will hold your certificate. Since I'm using ProFTPD, which uses /etc/proftpd for its configuration files, I put it in /etc/proftpd/ssl. Make sure that the directory is owned by the user that proftpd will run under (for me, that's ftp) and is mode 700, or rwx------.
For vsftpd, my distro didn't have a configuration directory so I used /etc/ssl/private. That would work fine for ProFTPD too, if you prefer that.
Strictly speaking, this step probably isn't necessary (I got the camera to work without it). But my interpretation of various documentation is that you should create your certificate with a few special SSL extensions. So edit /etc/ssl/openssl.cnf and add the following lines at the bottom:
    #####################################################################
    [ eos5d4 ]
    # These are used to create an FTP certificate acceptable to a
    # Canon EOS 5D Mark IV camera.
    keyUsage = keyEncipherment, dataEncipherment
    extendedKeyUsage = serverAuth
You can just copy-and-paste them, no customization needed. If you're too lazy to do this step, just omit -extensions eos5d4 below.
Once you've made a directory for the certificate and secured it, change into it (continuing to work as root) and make your certificate with this command:
    openssl req -new -x509 -nodes -newkey rsa:2048 -keyout proftpd.key -out proftpd.pem -days 390 -extensions eos5d4
Obviously, replace proftpd with vsftpd (twice) if you're using vsftpd. Not that it really matters; you could use any file name as long as your other configuration matched.
When you make the certificate, openssl will ask you a lot of questions such as your country, state or province, etc. Answer them as you please; it doesn't really matter (I chose to be accurate). Enter "." if you want the answer to be empty. You can run the command again if you decide you don't like what you typed.
Once you've created the certificate, you can check it with this command:
    openssl x509 -in /etc/proftpd/ssl/proftpd.pem -text
which will produce a lot of output, but buried near the top will be the expiration date. Make sure it's no later than 13 months in the future; otherwise your camera will reject it.
The next step is to configure the FTP daemon itself. That's complex enough that I've created two separate pages for ProFTPD configuration and vsftpd configuration. You only need to do that once.
After you've configured the FTP server, you would probably like to test it out before trying to get the camera to connect. I only have one option for you here: lftp. (There are probably others, but I haven't tested them.)
First, start the server. Doing so depends on your system: common incantations include systemctl start proftpd, service proftpd start, rcproftpd start, or /etc/init.d/proftpd start (replacing proftpd with vsftpd as needed).
To test with lftp, I used:
    lftp -u canon5d4 -e 'set ssl:verify-certificate false' ftp-server
where canon5d4 should be replaced by the name of the user account you created for your camera and ftp-server is the DNS name of (surprise) your server.
You will be asked for a password and then given a prompt that looks like this:
    lftp canon5d4@ftp-server:~>
At the prompt, type "ls" (list files) and hit enter. If you get a file list, or no output except another prompt, you're partway there. I say "partway" because lftp isn't actually verifying the certificate (set ssl:verify-certificate false). There doesn't seem to be a straightforward way to test the server with a self-signed certificate, which is unfortunate since the camera handles that just fine.
Anyway, if you get "Login incorrect" or other errors, now is the time to debug the problem. You can enable debugging in lftp by running it like this:
    lftp -u canon5d4 -e 'debug;set ssl:verify-certificate false' ftp-server
…and you can turn on debugging on the server side by editing the proftpd or vsftpd configuration file and restarting the server.
You're now ready to set up the camera. The Canon documentation isn't bad, all things considered, but in places it's not very helpful. So here's a step-by-step procedure. But first, a warning, a whine, and a suggestion.
There are two parts to connecting the camera to an FTP server: you need to connect to a local wireless network, and then you need to tell the camera about the FTP server itself. Those two things are COMPLETELY independent: you can connect to the server from any wireless network, and from any given network you can connect to any server. Unfortunately, Canon conflates the two. A particular setup includes both the wireless network and the server. Wanna connect to a different server from the same network? A different setup is needed. Want to always use the same server, but from several networks? Different setups. And to make matters MUCH worse, the camera only supports three setups, total. At least you're allowed to give them names.
Oh, and the camera can only store one root certificate (see below). So if you want to use multiple servers with different certificates, you have to constantly reload the certificate. (I solved that particular problem by putting the same certificate on two servers, but that's not a great solution and not available to everyone.)
I chose to define one setup for my most-used network, a second for my phone hotspot (gotta watch out for data limits on that one), and to then leave the third for connecting to whatever network is nearby at the moment, realizing that I will have to reconfigure all the time. Sigh.
The first thing you need to do is to load a "root certificate" on your camera. This is the certificate you made with openssl above. On your computer, copy the proftpd.pem or vsftpd.pem file to a flash card (CF or SD), naming it root.pem and placing it in the root (top-level) folder of the card. Unmount (eject) the card from your computer, put it in the camera, and:
The above is a one-time process; you shouldn't have to do it again until the certificate expires a year from now.
This is a fun thing: it appears that some parts of the whole system (camera plus FTP server) use UTC, and others use local time. So if you create a certificate when you live in a time zone east of London (UTC/GMT), you're not likely to have troubles. But if you live west of London, you might have to wait up to 12 hours for your new certificate to work. I haven't been able to figure out where the bug lies, so patience is the answer. Sigh.
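The two certificate date checks discussed on this page (the 13-month lifetime limit and the UTC/local-time wait), worked through as an added example that is not part of the original page. It parses the output of openssl x509 -noout -dates; the sample dates are constructed, the function names are hypothetical, and the way the camera mixes up local time and UTC is an assumed model that matches the behaviour described above.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Constructed sample of `openssl x509 -in proftpd.pem -noout -dates` output.
SAMPLE_DATES = """\
notBefore=Mar  1 18:00:00 2025 GMT
notAfter=Mar 26 18:00:00 2026 GMT
"""

MAX_LIFETIME = timedelta(days=397)  # longest lifetime mentioned on the page


def parse_dates(text):
    """Return (not_before, not_after) as UTC datetimes."""
    found = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key in ("notBefore", "notAfter"):
            secs = ssl.cert_time_to_seconds(value)
            found[key] = datetime.fromtimestamp(secs, tz=timezone.utc)
    if len(found) != 2:
        raise ValueError("need both notBefore= and notAfter= lines")
    return found["notBefore"], found["notAfter"]


def lifetime_ok(not_before, not_after, limit=MAX_LIFETIME):
    """True if the validity period is positive and within the limit."""
    return timedelta(0) < not_after - not_before <= limit


def camera_accepts_from(not_before, utc_offset_hours):
    """Earliest UTC instant the camera should accept the certificate.

    Assumed model of the bug: the camera compares its local wall-clock
    reading with notBefore as though both were UTC, so west of UTC
    (negative offset) the certificate looks not-yet-valid for |offset| hours.
    """
    delay = timedelta(hours=max(0, -utc_offset_hours))
    return not_before + delay


if __name__ == "__main__":
    nb, na = parse_dates(SAMPLE_DATES)
    print("lifetime:", (na - nb).days, "days, ok:", lifetime_ok(nb, na))
    for offset in (-8, -5, 0, 2):
        print(f"UTC{offset:+d}: usable from", camera_accepts_from(nb, offset))
```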
As I mentioned above, you need to set up separately for every combination of wireless network and FTP server. You'll probably get pretty good at this.
prizewinners.natgeo.com (I made that up; it doesn't exist). You can also use a numeric IP address if you prefer. (Hint: you can use the big dial on the back, plus the 8-way multicontroller, to type more quickly. But it's still a pain.)
A/DCIM/100EOS5D", which is annoying.
Whew! But at least you're connected!
It's not really clarified in the Canon manual, but you can disconnect from the WiFi network by choosing "Communication settings" (Tools, tab 4), "Built-in wireless settings", "Wi-Fi function", and "Disconnect,exit". That will save power when you don't need WiFi.
You can then reconnect by selecting "Communication settings", "Built-in wireless settings", "Wi-Fi function", and "Transfer images to FTP server". Pick your settings (out of three) under "Choose set." and then select "Connect". Yay!
After all that setup, you're finally ready to actually upload pictures to your FTP server. Start with "Communication settings" (Tools, tab 4, remember?) and pick "FTP transfer settings". The top three menu items give you some cool choices:
You are now all set with FTP service! Connect to your server, turn on automatic transfer, and take a picture. It should magically appear on the server. Turn automatic transfer off, take another, and use the SET button to send it. (I have way too many pictures of my kitchen at this point…)
The last thing you need to do is to make sure the FTP server is always running, even after you reboot your computer. This unfortunately depends on your distro. On many systems, the command is "systemctl enable proftpd" (or vsftpd as appropriate). Other machines use "chkconfig proftpd on". Still others use other commands, which I'd be happy to be informed of. Hopefully you know enough about system administration to figure out what will work for your distribution.
A cool thing about ProFTPD is that there are a couple of ways you can use it to automatically respond to image uploads. One of those is to automatically execute a program every time a file is uploaded; another is to write the name of the uploaded file to a FIFO and let another program read that name and take an appropriate action.
In both cases, there are EXTREME security risks. If the program has bugs of any sort, it is likely that there is a security hole that would allow an attacker to crash your FTP server, upload unwanted files (porn), or take it over completely.
For that reason, I am not going to give sample programs here. Instead, I will merely note the kind of things that can be done. In my case, when I shoot a picture it will be rotated to standard orientation, renamed according to my standard naming scheme, and added to my Web site as part of a collection of the day's pictures. The details of how this is accomplished are specific to how my Web site works and wouldn't be useful to anyone else, but the summary should give you an idea of the sort of thing that's possible with Linux, ProFTPD, and the Canon 5D Mark IV.
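One defensive building block for the upload-triggered processing described above, as an added example that is not the author's code and not part of ProFTPD: a check applied to every uploaded file name before any program touches the file. It assumes one path per line arrives from the FIFO and that camera files keep Canon-style names such as IMG_0001.JPG; vet_upload and CAMERA_NAME are hypothetical names.

```python
import os
import re
import stat

# Assumption: camera files keep names such as IMG_0001.JPG or _MG_0001.CR2.
CAMERA_NAME = re.compile(r"[A-Z0-9_]{4}[0-9]{4}\.(?:JPG|CR2)")


def vet_upload(fifo_line, upload_root):
    """Return the path of an uploaded file named on one FIFO line, or None.

    The line is untrusted input chosen by whoever is logged in to the FTP
    account, so it is rejected unless it names a regular, camera-named
    file strictly inside upload_root with no symlinks involved.
    """
    name = fifo_line.rstrip("\r\n")
    if not name or "\0" in name:
        return None
    root = os.path.realpath(upload_root)
    candidate = os.path.normpath(os.path.join(root, name))
    # Reject ../ traversal and absolute paths that land outside the root.
    if os.path.commonpath([root, candidate]) != root:
        return None
    # Reject any symlink along the way: resolving must not change the path.
    if os.path.realpath(candidate) != candidate:
        return None
    if not CAMERA_NAME.fullmatch(os.path.basename(candidate)):
        return None
    try:
        mode = os.lstat(candidate).st_mode
    except OSError:
        return None
    # Directories, FIFOs and device nodes are refused as well.
    return candidate if stat.S_ISREG(mode) else None


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:  # constructed demo tree
        os.mkdir(os.path.join(root, "DCIM"))
        open(os.path.join(root, "DCIM", "IMG_0001.JPG"), "wb").close()
        lines = ("DCIM/IMG_0001.JPG\n", "../../etc/passwd\n", "DCIM/x;id.JPG\n")
        for line in lines:
            # An accepted path should be passed to other tools as a single
            # argument-list element, never pasted into a shell command string.
            print(repr(line), "->", vet_upload(line, root))
```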