Forum
TUT: Apache SSL + reverse proxy for sickbeard, couchpotato etc. - Printable Version

+- Forum (http://forum.xbian.org)
+-- Forum: Community (/forum-5.html)
+--- Forum: Support the project (/forum-11.html)
+---- Forum: Contribute (/forum-34.html)
+---- Thread: TUT: Apache SSL + reverse proxy for sickbeard, couchpotato etc. (/thread-1994.html)



TUT: Apache SSL + reverse proxy for sickbeard, couchpotato etc. - yourshadow - 10th Jan, 2014 11:03 PM

If you don't want to open up sickbeard transmission etc. ports to the open world but you DO want to access it from anywhere, you might want to consider the followingBig Grin

Use Apache as a reverse proxy! Cool

1. install webserver package of xbian, login to ssh -> Packages -> Web -> webserver

2. Exit the xbian installer and enable some mods for apache:
Terminal
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod rewrite
sudo a2enmod ssl

3. Create a SSL certificate(this will make a certificate for 1 year, after that redo this, i guess):
Terminal
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache.key -out /etc/ssl/certs/apache.crt

It will ask you for some info, it doesn't realy matter what you will fill in
Country Name (2 letter code) [AU]:NL
State or Province Name (full name) [Some-State]:Groningen
Locality Name (eg, city) []:Groningen
Organization Name (eg, company) [Internet Widgits Pty Ltd]: PI
Organizational Unit Name (eg, section) []: PI
Common Name (e.g. server FQDN or YOUR name) []: PI
Email Address []:

4. Edit the default apache site:
Terminal
sudo nano /etc/apache2/sites-available/default

Remove everything (hold CTRL+K), then paste the following:

Terminal
<VirtualHost *:80>
RewriteEngine on
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

<VirtualHost *:443>
ServerAdmin admin@domain.com
ServerName localhost

ProxyRequests Off
ProxyPreserveHost On

<Proxy *>
Order deny,allow
Allow from all
</Proxy>

<Location />
Order allow,deny
Allow from all
</Location>

SSLEngine On
SSLProxyEngine On
SSLCertificateFile /etc/ssl/certs/apache.crt
SSLCertificateKeyFile /etc/ssl/private/apache.key

ProxyPass /nzbget http://localhost:9092/nzbget
ProxyPassReverse /nzbget http://localhost:9092/nzbget

ProxyPass /sickbeard http://localhost:9094/sickbeard
ProxyPassReverse /sickbeard http://localhost:9094/sickbeard

ProxyPass /transmission http://localhost:9091/transmission
ProxyPassReverse /transmission http://localhost:9091/transmission

ProxyPass /headphones http://localhost:9093/headphones
ProxyPassReverse /headphones http://localhost:9093/headphones

ProxyPass /couchpotato http://localhost:9095/couchpotato
ProxyPassReverse /couchpotato http://localhost:9095/couchpotato

RewriteEngine on
RewriteRule ^/xbmc$ /xbmc/ [R]

ProxyPass /xbmc http://localhost:8080
ProxyPassReverse /xbmc http://localhost:8080

ErrorLog /var/log/apache2/error.log
LogLevel warn
</VirtualHost>

5. Now stop service sickbeard, and edit the config file:
Terminal
sudo service sickbeard stop
[ ok ] Stopping Sickbeard:.
sudo nano /etc/sickbeard/sickbeard.ini

change webroot = "" to webroot = /sickbeard

Also for Couchpotato:
Terminal
sudo service couchpotato stop
[ ok ] Couchpotato not running.
sudo nano /etc/couchpotato/settings.conf

change url_base = to url_base = /couchpotato

And Headphones:
Terminal
sudo service headphones stop
[ ok ] Headphones: not running.
sudo nano /etc/headphones/config.ini

change http_root = / to http_root = /headphones

6. Now (re)start apache, sickbeard, couchpotato and headphones:
Terminal
xbian@xbian ~ $ sudo service apache2 restart
[ ok ] Restarting web server: apache2 ... waiting .
xbian@xbian ~ $ sudo service sickbeard start
[ ok ] Starting Sickbeard:.
xbian@xbian ~ $ sudo service headphones start
[ ok ] Starting Headphones:.
xbian@xbian ~ $ sudo service couchpotato start
[ ok ] Starting Couchpotato:.

7. Let sickbeard en couchpotato have some time to boot up, now from localhost you can already acces your brand new proxy. In your browser type:
for sickbeard: IP-OF-PI/sickbeard (eg 192.168.0.105/sickbeard)
for headphones: IP-OF-PI/headphones
for couchpotato: IP-OF-PI/couchpotato
for nzbget: IP-OF-PI/nzbget
for transmission: IP-OF-PI/transmission
for xbmc: IP-OF-PI/xbmc

You will get a certificate warning, just click continue..

8. For non-local access, open up port 80 and 443 for you PI.

9. Now browse to your external IP like: 12.34.56.78/sickbeard

10. Enjoy Big Grin

* Offcourse change username and password of all services
* Adding torrent through link was tested successful
* Adding NZB through link was tested successful
* This is an 'vanille' alternative for the maraschino package

- When saving a setting, it appears that Sickbeard takes infinite to save. When a popup appears in the right corner, the setting is saved. Even thou the Sickbeard 'saving' animation keeps spinning. IMAGE, just ignore the never ending save animation!
- When updating sickbeard, it will refresh to IP:9094/sickbeard, resulting in a website not found error. Remove the ':9094'
- DO NOT enable sickbeard and/or couchpotato's HTTPS settings. There is no need for a secure 'local' connection. It will probably result into an errorSmile

Edit: added XBMC website
Edit: added some warnings/solutions Smile


RE: TUT: Apache SSL + reverse proxy for sickbeard, couchpotato etc. - vincejah - 6th Feb, 2014 08:56 AM

Thanks for this useful thread.

In my side, this does not work for both sickbeard and couchpotato even though I enabled https specifying certificqte qnd key. NZBGet and transmission are working as expected.

I get the following error message:
Quote:Service Temporarily Unavailable

The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

Any idea what could go wrong


RE: TUT: Apache SSL + reverse proxy for sickbeard, couchpotato etc. - yourshadow - 13th Feb, 2014 07:10 PM

@vincejah

Sorry for the late response Confused You might want to try to access sickbeard and/or couchpotato again now..

In step 6 you restart sickbeard and it takes some time to start sickbeard on a Pi, which results in the "Temporarily Unavailable" warning. Just wait a minute(or two) and you're good to goBig Grin

Also:

- When saving a setting, it appears that Sickbeard takes infinite to save. When a popup appears in the right corner, the setting is saved. Even thou the Sickbeard 'saving' animation keeps spinningBig Grin IMAGE, just ignore the never ending save animation!

- When updating sickbeard, it will refresh to IP:9094/sickbeard, resulting in a website not found error. Remove the ':9094' Wink

updated in first post**


RE: TUT: Apache SSL + reverse proxy for sickbeard, couchpotato etc. - yourshadow - 17th Feb, 2014 09:34 PM

I didn't enable HTTPS settings in sickbeard.. There's no need for a double secure connection.. anywehere->proxy = https, proxy -> sickbeard = local.. So please disable sickbeard HTTPS settings.
second, the certificate is self-signed so the proxy won't accept the sickbeard certificate, probably resulting in an error.