[mythtv-users] Accessing MythWeb through firewall

Phill Edwards philledwards at gmail.com
Mon Oct 30 11:19:18 UTC 2006 

> You'll probably also need a ProxyPassReverse rule - this'll remap the
> URLs in any response from the server, so add the following:
>         ProxyPassReverse /mythweb http://xxx.edwards.home/mythweb
>
> I'd also remove the trailing / from the your ProxyPass rule (or add it
> to the first part) - not sure it makes any difference but it's always
> better to be consistent.

Thanks for the help guys. I've worked out a really nice and simple
solution for this which I'll share here for posterity.

Step 1
---------
Remove the authentication from the MythWeb server .htaccess file by
commenting out or removing these lines:

AuthType           Digest
AuthName           "MythTV"
AuthUserFile       /var/www/myth_htdigest
Require            valid-user
BrowserMatch       "MSIE"      AuthDigestEnableQueryStringHack=On


Step 2
----------
Create a MythWeb conf file for Apache on the gateway box which is
accessible from the internet. On my setup this file lives in
/etc/httpd/conf.d and I called it PME_mythweb.conf. This file should
look like this:

<Location "/mythweb">
ProxyPass http://myth.edwards.home/mythweb/
ProxyPassReverse http://myth.edwards.home/mythweb/
   AuthType            Digest
   AuthName          "MythTV"
   AuthUserFile       /var/www/myth_htdigest
   Require               valid-user
   BrowserMatch     "MSIE"      AuthDigestEnableQueryStringHack=On
</Location>

Note that this file now controls the authentication so even though we
removed authentication from the MythWeb server everything is still
password protected because the gateway now asks for a logon.

Also note that I found it's best to NOT put a trailing slash after
/mythweb on the <Location "/mythweb"> line. If you put a slash after
it seems to be more picky about whether the original URL contains a
trailing slash, so I have left it off.


Step 3
----------
Create the myth_htdigest file in the usual manner on the gateway by
going to the /var/www/ directory and running htdigest -c myth_htdigest
MythTV mythtv



This seems to work really well and it allows me to still authenticate
so the googlebots won't eat my recordings. And because I have SSL on
my gateway I'm now accessing everything over SSL.

I'm not sure if MythWeb uses cookies or not - if it doesn' t now
there's a possibility that this may stop working in the future if
cookies are introduced, but I'll cross that bridge if I come to it.
There are Apache directives called ProxyPassReverseCookieDomain and
ProxyPassReverseCookiePath that look like they may be part of the
solution if it happens.

Regards,
Phill

More information about the mythtv-users mailing list