Apache Mythweb Reverse Proxy Configuration

linux Dec 03, 2014

After a lot of stuffing around and trial and error I've finally managed to get MythWeb configured using Apache as a reverse proxy. Additionally averything is transmitted using HTTPS rather than HTTP. The MythWeb server doesn't need to be serving HTTPS, just the reverse proxy server.

The configuration needs a couple of Apache modules:

  • mod_ssl - for HTTPS
  • mod_rewrite - to redirect HTTP to HTTPS
  • mod_proxy - to proxy the mythweb server
  • mod_headers - to get mod_filter & mod_substitute to work behind the reverse proxy
  • mod_filter - to filter only text/html files
  • mod_substitute - to replace http:// with //

Fork it at github


    <VirtualHost *:80>
    	ServerName mythweb-reverse.proxy.com

    	ServerAdmin [email protected]

    	# redirect http to https
	    RewriteEngine On
    	ReWriteCond %{SERVER_PORT} !^443$
    	RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]


    <IfModule mod_ssl.c>
    	<VirtualHost *:443>
    		ServerName mythweb-reverse.proxy.com

    		ServerAdmin [email protected]

    		SSLEngine on

    		SSLCertificateFile /etc/ssl/server/mythweb-reverse.proxy.com.crt
    		SSLCertificateKeyFile /etc/ssl/private/mythweb-reverse.proxy.com.key

    		BrowserMatch "MSIE [2-6]" \
    				nokeepalive ssl-unclean-shutdown \
    				downgrade-1.0 force-response-1.0
    		# MSIE 7 and newer should be able to use keepalive
    		BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

            # Rewrite all requests for / to /mythweb
    		RewriteEngine On
    		RewriteCond %{REQUEST_URI} ^/$
    		RewriteRule (.*) /mythweb/ [R=302]

    		# needed so mod_filter & mod_substitute below work
    		Header set Accept-Ranges "none"
    		RequestHeader unset Accept-Encoding

    		# rewrite http://.... to just //...
    		FilterDeclare replace
    		FilterProvider replace SUBSTITUTE "%{CONTENT_TYPE} =~ m|^text/html|"
    		FilterChain replace
    		Substitute "s|http://|//|"

    		<Location /mythweb>
    			AuthType Digest
    			AuthName "Mythweb"
    			AuthDigestDomain /mythweb/

    			AuthDigestProvider file
    			AuthUserFile /etc/apache2/passwd/mythweb-reverse.proxy.com.passwd
    			Require valid-user

    		# Authentication not required for /mythweb/tv/opensearch URLs
    		<LocationMatch "^/mythweb/tv/opensearch">
    			Require all granted

    		ProxyRequests Off

    		ProxyPass /mythweb http://mythweb.internal.lan/mythweb/
    		ProxyPassReverse /mythweb http://mythweb.internal.lan/mythweb/

    # vim: syntax=apache ts=4 sw=4 sts=4 sr noet


Great! You've successfully subscribed.
Great! Next, complete checkout for full access.
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.