[mythtv-users] How to set up remote access to mythweb?
Jan Ceuleers
jan.ceuleers at computer.org
Sun Dec 7 10:25:45 UTC 2008
Yan Seiner wrote:
> Has anyone put together any docs for getting streaming working with
> https? The docs I've seen just say 'also install it with http - which
> kind of defeats the purpose.
I've done this using Apache's reverse proxy function. I'm staying away
from port forwarding because (although I've never tried it) I think that
this complicates the setup by requiring that the mythweb server listen
on your public IP address.
So what I've done is the following:
- On the broadband router, which also runs Linux, set up a Virtual Host
that listens to port 443 on the IP address of the Internet-facing interface.
- Use ProxyPass and ProxyPassReverse to shovel requests back and forth
between the Internet and the local network.
- Make sure that the Virtual Host requires SSL. In my case Mythweb
itself (on the home network) does not. So the broadband router does all
of the encryption and decryption. (If you wanted your Mythweb to also
use https then the broadband router would still have to encrypt/decrypt
in order to get to the underlying http requests; in this case it would
have to do so on both sides instead of just on the Internet-facing side)
One of the problems is that Apache wants to be told the IP address it
needs to listen on, which is problematic if it's dynamic. Therefore,
specify that address by means of your dyndns name, and restart Apache
whenever the Internet interface comes up (waiting for your dyndns client
to have had a chance to register the new IP address in DNS).
The above setup works because I built my own broadband router (it's a
Soekris box with a Sangoma ADSL card in it). That is: the machine on
which the Internet-facing PPP session is terminated runs Linux, so that
I can run Apache on that machine without the need for port forwarding.
Something like this might also work in a port forwarding setup but I've
never tried it (and in any event I would want to still set up an Apache
reverse proxy on a separate DMZ, rather than port-forwarding straight to
the Mythweb machine).
But even if you don't want to build your own broadband router most
commercial boxes will allow you to use them as layer-2 devices so that
you can terminate the PPPoE session on a box connected to an Ethernet port.
Some docs:
- http://httpd.apache.org/docs/2.0/vhosts/
- http://httpd.apache.org/docs/2.0/mod/mod_proxy.html
- if you must use port forwarding have a look at
http://www.mythtv.org/wiki/index.php/MythWeb_ssh_tunnel_howto
Cheers, Jan
More information about the mythtv-users
mailing list