[mythtv-users] How to set up remote access to mythweb?

Jan Ceuleers jan.ceuleers at computer.org
Sun Dec 7 10:25:45 UTC 2008


Yan Seiner wrote:
> Has anyone put together any docs for getting streaming working with 
> https?  The docs I've seen just say 'also install it with http - which 
> kind of defeats the purpose.

I've done this using Apache's reverse proxy function. I'm staying away 
from port forwarding because (although I've never tried it) I think that 
this complicates the setup by requiring that the mythweb server listen 
on your public IP address.

So what I've done is the following:

- On the broadband router, which also runs Linux, set up a Virtual Host 
that listens to port 443 on the IP address of the Internet-facing interface.

- Use ProxyPass and ProxyPassReverse to shovel requests back and forth 
between the Internet and the local network.

- Make sure that the Virtual Host requires SSL. In my case Mythweb 
itself (on the home network) does not. So the broadband router does all 
of the encryption and decryption. (If you wanted your Mythweb to also 
use https then the broadband router would still have to encrypt/decrypt 
in order to get to the underlying http requests; in this case it would 
have to do so on both sides instead of just on the Internet-facing side)

One of the problems is that Apache wants to be told the IP address it 
needs to listen on, which is problematic if it's dynamic. Therefore, 
specify that address by means of your dyndns name, and restart Apache 
whenever the Internet interface comes up (waiting for your dyndns client 
to have had a chance to register the new IP address in DNS).

The above setup works because I built my own broadband router (it's a 
Soekris box with a Sangoma ADSL card in it). That is: the machine on 
which the Internet-facing PPP session is terminated runs Linux, so that 
I can run Apache on that machine without the need for port forwarding. 
Something like this might also work in a port forwarding setup but I've 
never tried it (and in any event I would want to still set up an Apache 
reverse proxy on a separate DMZ, rather than port-forwarding straight to 
the Mythweb machine).

But even if you don't want to build your own broadband router most 
commercial boxes will allow you to use them as layer-2 devices so that 
you can terminate the PPPoE session on a box connected to an Ethernet port.

Some docs:
- http://httpd.apache.org/docs/2.0/vhosts/
- http://httpd.apache.org/docs/2.0/mod/mod_proxy.html
- if you must use port forwarding have a look at 
http://www.mythtv.org/wiki/index.php/MythWeb_ssh_tunnel_howto

Cheers, Jan


More information about the mythtv-users mailing list