[mythtv-users] Accessing MythWeb through firewall
Phill Edwards
philledwards at gmail.com
Mon Oct 30 11:19:18 UTC 2006
> You'll probably also need a ProxyPassReverse rule - this'll remap the
> URLs in any response from the server, so add the following:
> ProxyPassReverse /mythweb http://xxx.edwards.home/mythweb
>
> I'd also remove the trailing / from the your ProxyPass rule (or add it
> to the first part) - not sure it makes any difference but it's always
> better to be consistent.
Thanks for the help guys. I've worked out a really nice and simple
solution for this which I'll share here for posterity.
Step 1
---------
Remove the authentication from the MythWeb server .htaccess file by
commenting out or removing these lines:
AuthType Digest
AuthName "MythTV"
AuthUserFile /var/www/myth_htdigest
Require valid-user
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
Step 2
----------
Create a MythWeb conf file for Apache on the gateway box which is
accessible from the internet. On my setup this file lives in
/etc/httpd/conf.d and I called it PME_mythweb.conf. This file should
look like this:
<Location "/mythweb">
ProxyPass http://myth.edwards.home/mythweb/
ProxyPassReverse http://myth.edwards.home/mythweb/
AuthType Digest
AuthName "MythTV"
AuthUserFile /var/www/myth_htdigest
Require valid-user
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
</Location>
Note that this file now controls the authentication so even though we
removed authentication from the MythWeb server everything is still
password protected because the gateway now asks for a logon.
Also note that I found it's best to NOT put a trailing slash after
/mythweb on the <Location "/mythweb"> line. If you put a slash after
it seems to be more picky about whether the original URL contains a
trailing slash, so I have left it off.
Step 3
----------
Create the myth_htdigest file in the usual manner on the gateway by
going to the /var/www/ directory and running htdigest -c myth_htdigest
MythTV mythtv
This seems to work really well and it allows me to still authenticate
so the googlebots won't eat my recordings. And because I have SSL on
my gateway I'm now accessing everything over SSL.
I'm not sure if MythWeb uses cookies or not - if it doesn' t now
there's a possibility that this may stop working in the future if
cookies are introduced, but I'll cross that bridge if I come to it.
There are Apache directives called ProxyPassReverseCookieDomain and
ProxyPassReverseCookiePath that look like they may be part of the
solution if it happens.
Regards,
Phill
More information about the mythtv-users
mailing list