[mythtv-users] MythWeb over HTTPS using mod_rewrite

Jan Ceuleers jan.ceuleers at gmail.com
Sat May 26 18:30:51 UTC 2012


On 05/26/2012 07:09 PM, Ronald Frazier wrote:
> On Fri, May 25, 2012 at 5:01 PM, Joe Nyland <joe at joenyland.co.uk> wrote:
>> Are you using mod_rewrite to force HTTPS, or is MythWeb actually running on
>> HTTPS?
> 
> No, I'm not using mod_rewrite, but I think that's really irrelevant.
> mod_rewrite can't "force" HTTPS. HTTPS is an end to end encryption,
> which means it can't just be switched into HTTPS mode. You have to
> start the request all over, with the client initiating the HTTPS
> session. So all mod_rewrite can really do is tell the browser "hey,
> start again, but use HTTPS this time". From then on, it should behave
> exactly the same as if HTTPS was explicitly requested.

Errr, no. My mythweb server serves http, and my
firewall-cum-reverse-proxy translates an https session on its internet
side into an http session on the home network side. Also, the reverse
proxy enforces authentication, whereas the internal mythweb server does
not. So I only need to authenticate when I connect from the internet,
but not locally.

I attach the apache reverse proxy config file that accomplishes this.
Sanitised in that I've removed the actual public DNS name of my reverse
proxy, but everything else is untouched (.xperim.be is a non-existent
domain that I use as my home network domain).

Note the quite intricate ProxyPass and ProxyPassReverse rules, with and
without slashes. These are tricky to get right.

HTH, Jan
-------------- next part --------------
SSLCertificateFile ssl.crt/janceuleers.crt
SSLCertificateKeyFile ssl.key/janceuleers.key
<VirtualHost public.dns.name:443>
	ServerAdmin janc at www.xperim.be
	DocumentRoot	/var/www/mythwebremote
	ServerName	public.dns.name
	SSLEngine	On
	SSLProxyEngine	On
	ProxyHTMLLogVerbose On
	<Location />
		SSLRequireSSL
		AuthType Digest
		AuthName mythweb
		AuthDigestProvider file
		AuthUserFile /etc/apache2/passwd/passwords
		Require valid-user
		Allow from all
	</Location>
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
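	# Forward proxying is not needed for ProxyPass; left on, the server can be used as a proxy to arbitrary destinations
	ProxyRequests Off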
	SetOutputFilter proxy-html
	ProxyPreserveHost On
	ProxyVia full
	ProxyPass	/mythweb/	https://www.xperim.be/mythweb/
	ProxyPassReverse	/mythweb/	https://www.xperim.be/mythweb/
	ProxyHTMLURLMap	http://www.xperim.be/mythweb https://public.dns.name/mythweb
	ProxyHTMLURLMap	/mythweb	/mythweb
	RequestHeader	unset	Accept-Encoding
</VirtualHost>
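
Added example, not part of the original post or of Jan's configuration: a small Python check for the trailing-slash pairing of ProxyPass and ProxyPassReverse that the message calls tricky, which also flags forward proxying left enabled on a reverse proxy. The sample config and the host name backend.example are constructed for illustration.

```python
# Added illustration; SAMPLE is a constructed config, backend.example is a placeholder.
SAMPLE = """\
ProxyRequests On
ProxyPass        /mythweb/  http://backend.example/mythweb
ProxyPassReverse /mythweb/  http://backend.example/mythweb/
ProxyPass        /video     http://backend.example/video
"""


def lint_proxy_config(text):
    """Return sorted (line_number, message) findings for a reverse-proxy config."""
    findings = []
    passes, reverses = {}, {}  # local path -> (line_number, backend URL)
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        name = parts[0].lower()
        if name == "proxyrequests" and parts[1:2] and parts[1].lower() == "on":
            findings.append((n, "ProxyRequests On: forward proxy enabled; "
                                "ProxyPass does not need it"))
        elif name in ("proxypass", "proxypassreverse") and len(parts) >= 3:
            path, url = parts[1], parts[2]
            if url == "!":  # "ProxyPass /path !" is an exclusion, not a mapping
                continue
            # Apache maps path -> url by prefix substitution, so both must
            # end in "/" or neither, or backend URLs gain or lose a slash.
            if path.endswith("/") != url.endswith("/"):
                findings.append((n, f"{parts[0]} {path}: trailing slash "
                                    f"does not match {url}"))
            (passes if name == "proxypass" else reverses)[path] = (n, url)
    for path, (n, url) in passes.items():
        if path not in reverses:
            # Backend redirects would reach the client with the internal host name.
            findings.append((n, f"ProxyPass {path}: no matching ProxyPassReverse"))
        elif reverses[path][1] != url:
            rn = reverses[path][0]
            findings.append((rn, f"ProxyPassReverse {path}: target differs from ProxyPass"))
    return sorted(findings)


if __name__ == "__main__":
    for n, msg in lint_proxy_config(SAMPLE):
        print(f"line {n}: {msg}")
```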


