Apache Mythweb Reverse Proxy Configuration

After a lot of stuffing around and trial and error I've finally managed to get MythWeb configured using Apache as a reverse proxy. Additionally averything is transmitted using HTTPS rather than HTTP. The MythWeb server doesn't need to be serving HTTPS, just the reverse proxy server.

The configuration needs a couple of Apache modules:

  • mod_ssl - for HTTPS
  • mod_rewrite - to redirect HTTP to HTTPS
  • mod_proxy - to proxy the mythweb server
  • mod_headers - to get mod_filter & mod_substitute to work behind the reverse proxy
  • mod_filter - to filter only text/html files
  • mod_substitute - to replace http:// with //

Fork it at github


    <VirtualHost *:80>
    	ServerName mythweb-reverse.proxy.com

    	ServerAdmin [email protected]

    	# redirect http to https
	    RewriteEngine On
    	ReWriteCond %{SERVER_PORT} !^443$
    	RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]


    <IfModule mod_ssl.c>
    	<VirtualHost *:443>
    		ServerName mythweb-reverse.proxy.com

    		ServerAdmin [email protected]

    		SSLEngine on

    		SSLCertificateFile /etc/ssl/server/mythweb-reverse.proxy.com.crt
    		SSLCertificateKeyFile /etc/ssl/private/mythweb-reverse.proxy.com.key

    		BrowserMatch "MSIE [2-6]" \
    				nokeepalive ssl-unclean-shutdown \
    				downgrade-1.0 force-response-1.0
    		# MSIE 7 and newer should be able to use keepalive
    		BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

            # Rewrite all requests for / to /mythweb
    		RewriteEngine On
    		RewriteCond %{REQUEST_URI} ^/$
    		RewriteRule (.*) /mythweb/ [R=302]

    		# needed so mod_filter & mod_substitute below work
    		Header set Accept-Ranges "none"
    		RequestHeader unset Accept-Encoding

    		# rewrite http://.... to just //...
    		FilterDeclare replace
    		FilterProvider replace SUBSTITUTE "%{CONTENT_TYPE} =~ m|^text/html|"
    		FilterChain replace
    		Substitute "s|http://|//|"

    		<Location /mythweb>
    			AuthType Digest
    			AuthName "Mythweb"
    			AuthDigestDomain /mythweb/

    			AuthDigestProvider file
    			AuthUserFile /etc/apache2/passwd/mythweb-reverse.proxy.com.passwd
    			Require valid-user

    		# Authentication not required for /mythweb/tv/opensearch URLs
    		<LocationMatch "^/mythweb/tv/opensearch">
    			Require all granted

    		ProxyRequests Off

    		ProxyPass /mythweb http://mythweb.internal.lan/mythweb/
    		ProxyPassReverse /mythweb http://mythweb.internal.lan/mythweb/

    # vim: syntax=apache ts=4 sw=4 sts=4 sr noet