[mythtv-users] MP3 player for mythmusic via mythweb

[Stephen Worthington]

On Tue, 31 Dec 2019 14:12:23 +1300, you wrote:

>
>> On Mon, 30 Dec 2019 22:23:40 +1300, you wrote:
>>
>>
>> Is there any particular reason that you need to use a
>> username/password on mythweb?  It is not really safe to expose mythweb
>> to the Internet even with a username/password.  So what I do is use
>> OpenVPN for external access to my network, and then I do not need to
>> bother with a username/password for mythweb.
>
>Good point - I'll have to read up on how I keep other parts of apache
>available but keep mythweb available on the local domain only.

The way I do that sort of thing is to use a different port for the
internal and external access.  So use :80 and :443 for internal
access, and :8080 and :8443 for external access, for example.  In you
router, you set up the port forwards for external access to map :80 to
:8080 and :443 to :8443.  The internal and external access configs are
separate sites in /etc/apache/sites-available.  I find that is fairly
easy to keep track of.  In your case, you would not even have a
mythweb-external.conf, just a mythweb.conf on :80 and :443, and as :80
and :443 are remapped in the router, there would be no possibility of
external access to the internal mythweb site.

If you run your own DNS server, you can also use Apache's ability to
distinguish sites by the DNS name even when they are on the same IP
address.  So I have nextcloud.conf where I have:

<VirtualHost *:443>
    ServerName nextcloud.jsw.gen.nz

So any access to :443 also needs to be using the DNS name
nextcloud.jsw.gen.nz before it will match that site config.  I have
nextcloud.jsw.gen.nz in both my internal and external DNS.  If you do
not have the name in your external DNS, then no external access will
work unless someone is deliberately hacking their web access tool to
allow them to put the name in the HTTPS requests, while using the IP
address to actually connect.