TUT: Apache SSL + reverse proxy for sickbeard, couchpotato etc. - Printable Version +- Forum (http://forum.xbian.org) +-- Forum: Community (/forum-5.html) +--- Forum: Support the project (/forum-11.html) +---- Forum: Contribute (/forum-34.html) +---- Thread: TUT: Apache SSL + reverse proxy for sickbeard, couchpotato etc. (/thread-1994.html) |
TUT: Apache SSL + reverse proxy for sickbeard, couchpotato etc. - yourshadow - 10th Jan, 2014 11:03 PM If you don't want to open up sickbeard transmission etc. ports to the open world but you DO want to access it from anywhere, you might want to consider the following Use Apache as a reverse proxy! 1. install webserver package of xbian, login to ssh -> Packages -> Web -> webserver 2. Exit the xbian installer and enable some mods for apache: Terminal sudo a2enmod proxy sudo a2enmod proxy_http sudo a2enmod rewrite sudo a2enmod ssl 3. Create a SSL certificate(this will make a certificate for 1 year, after that redo this, i guess): Terminal sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache.key -out /etc/ssl/certs/apache.crt It will ask you for some info, it doesn't realy matter what you will fill in Country Name (2 letter code) [AU]:NL State or Province Name (full name) [Some-State]:Groningen Locality Name (eg, city) []:Groningen Organization Name (eg, company) [Internet Widgits Pty Ltd]: PI Organizational Unit Name (eg, section) []: PI Common Name (e.g. server FQDN or YOUR name) []: PI Email Address []: 4. Edit the default apache site: Terminal sudo nano /etc/apache2/sites-available/default Remove everything (hold CTRL+K), then paste the following: Terminal <VirtualHost *:80> RewriteEngine on ReWriteCond %{SERVER_PORT} !^443$ RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L] </VirtualHost> <VirtualHost *:443> ServerAdmin admin@domain.com ServerName localhost ProxyRequests Off ProxyPreserveHost On <Proxy *> Order deny,allow Allow from all </Proxy> <Location /> Order allow,deny Allow from all </Location> SSLEngine On SSLProxyEngine On SSLCertificateFile /etc/ssl/certs/apache.crt SSLCertificateKeyFile /etc/ssl/private/apache.key ProxyPass /nzbget http://localhost:9092/nzbget ProxyPassReverse /nzbget http://localhost:9092/nzbget ProxyPass /sickbeard http://localhost:9094/sickbeard ProxyPassReverse /sickbeard http://localhost:9094/sickbeard ProxyPass /transmission http://localhost:9091/transmission ProxyPassReverse /transmission http://localhost:9091/transmission ProxyPass /headphones http://localhost:9093/headphones ProxyPassReverse /headphones http://localhost:9093/headphones ProxyPass /couchpotato http://localhost:9095/couchpotato ProxyPassReverse /couchpotato http://localhost:9095/couchpotato RewriteEngine on RewriteRule ^/xbmc$ /xbmc/ [R] ProxyPass /xbmc http://localhost:8080 ProxyPassReverse /xbmc http://localhost:8080 ErrorLog /var/log/apache2/error.log LogLevel warn </VirtualHost> 5. Now stop service sickbeard, and edit the config file: Terminal sudo service sickbeard stop [ ok ] Stopping Sickbeard:. sudo nano /etc/sickbeard/sickbeard.ini change webroot = "" to webroot = /sickbeard Also for Couchpotato: Terminal sudo service couchpotato stop [ ok ] Couchpotato not running. sudo nano /etc/couchpotato/settings.conf change url_base = to url_base = /couchpotato And Headphones: Terminal sudo service headphones stop [ ok ] Headphones: not running. sudo nano /etc/headphones/config.ini change http_root = / to http_root = /headphones 6. Now (re)start apache, sickbeard, couchpotato and headphones: Terminal xbian@xbian ~ $ sudo service apache2 restart [ ok ] Restarting web server: apache2 ... waiting . xbian@xbian ~ $ sudo service sickbeard start [ ok ] Starting Sickbeard:. xbian@xbian ~ $ sudo service headphones start [ ok ] Starting Headphones:. xbian@xbian ~ $ sudo service couchpotato start [ ok ] Starting Couchpotato:. 7. Let sickbeard en couchpotato have some time to boot up, now from localhost you can already acces your brand new proxy. In your browser type: for sickbeard: IP-OF-PI/sickbeard (eg 192.168.0.105/sickbeard) for headphones: IP-OF-PI/headphones for couchpotato: IP-OF-PI/couchpotato for nzbget: IP-OF-PI/nzbget for transmission: IP-OF-PI/transmission for xbmc: IP-OF-PI/xbmc You will get a certificate warning, just click continue.. 8. For non-local access, open up port 80 and 443 for you PI. 9. Now browse to your external IP like: 12.34.56.78/sickbeard 10. Enjoy * Offcourse change username and password of all services * Adding torrent through link was tested successful * Adding NZB through link was tested successful * This is an 'vanille' alternative for the maraschino package - When saving a setting, it appears that Sickbeard takes infinite to save. When a popup appears in the right corner, the setting is saved. Even thou the Sickbeard 'saving' animation keeps spinning. IMAGE, just ignore the never ending save animation! - When updating sickbeard, it will refresh to IP:9094/sickbeard, resulting in a website not found error. Remove the ':9094' - DO NOT enable sickbeard and/or couchpotato's HTTPS settings. There is no need for a secure 'local' connection. It will probably result into an error Edit: added XBMC website Edit: added some warnings/solutions RE: TUT: Apache SSL + reverse proxy for sickbeard, couchpotato etc. - vincejah - 6th Feb, 2014 08:56 AM Thanks for this useful thread. In my side, this does not work for both sickbeard and couchpotato even though I enabled https specifying certificqte qnd key. NZBGet and transmission are working as expected. I get the following error message: Quote:Service Temporarily Unavailable Any idea what could go wrong RE: TUT: Apache SSL + reverse proxy for sickbeard, couchpotato etc. - yourshadow - 13th Feb, 2014 07:10 PM @vincejah Sorry for the late response You might want to try to access sickbeard and/or couchpotato again now.. In step 6 you restart sickbeard and it takes some time to start sickbeard on a Pi, which results in the "Temporarily Unavailable" warning. Just wait a minute(or two) and you're good to go Also: - When saving a setting, it appears that Sickbeard takes infinite to save. When a popup appears in the right corner, the setting is saved. Even thou the Sickbeard 'saving' animation keeps spinning IMAGE, just ignore the never ending save animation! - When updating sickbeard, it will refresh to IP:9094/sickbeard, resulting in a website not found error. Remove the ':9094' updated in first post** RE: TUT: Apache SSL + reverse proxy for sickbeard, couchpotato etc. - yourshadow - 17th Feb, 2014 09:34 PM I didn't enable HTTPS settings in sickbeard.. There's no need for a double secure connection.. anywehere->proxy = https, proxy -> sickbeard = local.. So please disable sickbeard HTTPS settings. second, the certificate is self-signed so the proxy won't accept the sickbeard certificate, probably resulting in an error. |