The yard camera I mentioned a few days ago consists of a Raspberry Pi 3 with an Official V2 Pi Camera peering through two layers of 1955-era window glass into our back yard:
Yes, that’s black duct tape holding it to the window pane. The extension cord draped across the floor gotta go, too.
This being a made-in-haste lashup, I used the streamEye MJPEG HTTP streamer, started from /etc/rc.local in the usual way:
logger -s Starting camera streamer sudo -u pi sh -c '/home/pi/yardcam.sh' & logger -s Camera running
The yardcam.sh script feeds one moderate-quality frame to the streamer every second:
/home/pi/streameye/extras/raspimjpeg.py -w 1280 -h 720 -r 1 -q 80 | streameye
MJPEG has a lot to dislike as a streaming video format. In particular, without any hint of inter-frame compression, the network usage gets way too high for any reasonable frame rate.
But it got the camera up & running in time for the March snowfall:
In a nod to IoT security, the Raspberry Pi’s wireless interface sits behind the router’s firewall on our guest network, with no access to the devices on our main network. The router passes a one-port peephole from the Internet to the Pi, which protects all the other services from unwarranted attention.
The router maintains a dynamic DNS record with a (not particularly) mnemonic URL, which seems better than an ever-changing dotted-quad IP address.
Because the router doesn’t support hairpin connections from the main network to the guest network, I can’t monitor the video from my desktop through the outwardly visible URL. Instead, I must fire up a laptop, connect to the guest network, then connect directly to the camera at camera.local.
You do not have a Need To Know for the URL; I’m sure it’ll appear on Shodan. I plan to take it down when the snow melts.
The Smell of Molten Projects in the Morning 
I’m not sure why more people don’t do this, but I have a VPN connection setup to my house and it is the only thing open to the Internet. The router does not respond to anything else. I had to change my setup when Apple dropped support for PPTP, but now I am using L2TP with encryption and a really, really long password. I have the config on my phone, so all I have to do is flip the switch and I’m on! Phone is protected by a long PW as well.
In this case, nobody on the [cough] authorized user list knows from VPN, so a straight-up port pinhole seems like the least-awful setup. Given the amount of port scanning going on, security by obscurity won’t last long, but the streamer seems sufficiently weird that none of the standard attacks will get a toehold.
I had another one-port pinhole for a public-key + password SSH session. Turns out I rarely leave the house, so that’s fallen into disrepair & disuse. [grin]