[mythtv-users] MythWeb over HTTPS using mod_rewrite
Jan Ceuleers
jan.ceuleers at gmail.com
Sat May 26 18:30:51 UTC 2012
On 05/26/2012 07:09 PM, Ronald Frazier wrote:
> On Fri, May 25, 2012 at 5:01 PM, Joe Nyland <joe at joenyland.co.uk> wrote:
>> Are you using mod_rewrite to force HTTPS, or is MythWeb actually running on
>> HTTPS?
>
> No, I'm not using mod_rewrite, but I think that's really irrelevant.
> mod_rewrite can't "force" HTTPS. HTTPS is an end to end encryption,
> which means it can't just be switched into HTTPS mode. You have to
> start the request all over, with the client initiating the HTTPS
> session. So all mod_rewrite can really do is tell the browser "hey,
> start again, but use HTTPS this time". From then on, it should behave
> exactly the same as if HTTPS was explicitly requested.
Errr, no. My mythweb server serves http, and my
firewall-cum-reverse-proxy translates an https session on its internet
side into an http session on the home network side. Also, the reverse
proxy enforces authentication, whereas the internal mythweb server does
not. So I only need to authenticate when I connect from the internet,
but not locally.
I attach the apache reverse proxy config file that accomplishes this.
Sanitised in that I've removed the actual public DNS name of my reverse
proxy, but everything else is untouched (.xperim.be is a non-existent
domain that I use as my home network domain).
Note the quite intricate ProxyPass and ProxyPassReverse rules, with and
without slashes. These are tricky to get right.
HTH, Jan
-------------- next part --------------
SSLCertificateFile ssl.crt/janceuleers.crt
SSLCertificateKeyFile ssl.key/janceuleers.key
<VirtualHost public.dns.name:443>
ServerAdmin janc at www.xperim.be
DocumentRoot /var/www/mythwebremote
ServerName public.dns.name
SSLEngine On
SSLProxyEngine On
ProxyHTMLLogVerbose On
<Location />
SSLRequireSSL
AuthType Digest
AuthName mythweb
AuthDigestProvider file
AuthUserFile /etc/apache2/passwd/passwords
Require valid-user
Allow from all
</Location>
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
ProxyRequests On
SetOutputFilter proxy-html
ProxyPreserveHost On
ProxyVia full
ProxyPass /mythweb/ https://www.xperim.be/mythweb/
ProxyPassReverse /mythweb/ https://www.xperim.be/mythweb/
ProxyHTMLURLMap http://www.xperim.be/mythweb https://public.dns.name/mythweb
ProxyHTMLURLMap /mythweb /mythweb
RequestHeader unset Accept-Encoding
</VirtualHost>
More information about the mythtv-users
mailing list