rick_k wrote: 
> Do you use the proxy just to eliminate the need to add ':9000' to the
> URL, or is there another reason? If you were to switch your proxy to use
> HTTPS, what would break?

No other reason and changing the communication to HTTPS wouldn't make it
any different from a client perspective.

Plain HTTP proxy:

Code:
--------------------
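  <VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName <FQDN name>
        ServerAlias <short name>

        # Proxy every request that is not an existing file under
        # DocumentRoot to port 9000 on the host named in the Host header.
        RewriteEngine on
        RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-f
        RewriteRule ^/(.*)$ http://%{HTTP_HOST}:9000/$1 [NE,P,L]
  </VirtualHost>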
--------------------



HTTPS proxy:

Code:
--------------------
  <VirtualHost *:443>
        ServerAdmin webmaster@localhost
        ServerName <FQDN name>

        SSLEngine on
        SSLCertificateFile      /etc/letsencrypt/live/<FQDN name>/fullchain.pem
        SSLCertificateKeyFile   /etc/letsencrypt/live/<FQDN name>/privkey.pem

        # TLS ends at Apache; the hop to port 9000 is still plain HTTP.
        RewriteEngine on
        RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-f
        RewriteRule ^/(.*)$ http://%{HTTP_HOST}:9000/$1 [NE,P,L]
  </VirtualHost>
--------------------


And to control access to LMS settings you could insert something like
this:

Code:
--------------------
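        # Request a client certificate; clients without one can still connect.
        SSLVerifyClient         optional
        SSLVerifyDepth          1
        SSLOptions              +StdEnvVars
        # CA that mod_ssl uses to verify the client certificate
        SSLCACertificateFile    /etc/apache2/MySnakeOilCA.crt
        # CA names offered to the client in the certificate request
        SSLCADNRequestFile      /etc/apache2/MySnakeOilCA.crt

  <Location /settings>
        RewriteEngine on
        RewriteBase /settings
        # Answer with status 500 unless the client certificate verified
        RewriteCond %{SSL:SSL_CLIENT_VERIFY} !^SUCCESS$
        RewriteRule ^/(.*)$ - [R=500,L]
  </Location>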
--------------------

This requires self-signed (aka `Snakeoil`) certificates because X.509
client certificates must be verified by a locally stored CA.


------------------------------------------------------------------------
gordonb3's Profile: http://forums.slimdevices.com/member.php?userid=71050
View this thread: http://forums.slimdevices.com/showthread.php?t=115292
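
The post above relies on a locally stored CA (`MySnakeOilCA.crt`) that signs the client certificates. The following is an added example, not part of gordonb3's post, showing one way to create such a CA with OpenSSL, issue a client certificate directly from it, and check which certificates chain to it. Every file name other than `MySnakeOilCA.crt` and every CN value is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). File names other than
# MySnakeOilCA.crt and all CN values are constructed for illustration.

# make_ca DIR NAME: create a self-signed CA certificate DIR/NAME.crt.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue_client_cert DIR CA CLIENT: sign DIR/CLIENT.crt directly with the CA,
# so the chain is one step long, which is what SSLVerifyDepth 1 allows.
issue_client_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -days 365 \
        -CA "$1/$2.crt" -CAkey "$1/$2.key" -CAcreateserial \
        -out "$1/$3.crt" 2>/dev/null
}

# verifies CA_CRT CLIENT_CRT: exit 0 only if CLIENT_CRT chains to CA_CRT.
# A certificate that fails this check is one the server cannot verify.
verifies() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo in a throwaway directory: one accepted and one rejected certificate.
demo() {
    dir=$(mktemp -d) || return 1
    make_ca "$dir" MySnakeOilCA &&
    make_ca "$dir" OtherCA &&
    issue_client_cert "$dir" MySnakeOilCA admin-laptop &&
    issue_client_cert "$dir" OtherCA stranger ||
        { rm -rf "$dir"; return 1; }
    verifies "$dir/MySnakeOilCA.crt" "$dir/admin-laptop.crt" &&
        echo "admin-laptop: accepted"
    verifies "$dir/MySnakeOilCA.crt" "$dir/stranger.crt" ||
        echo "stranger: rejected"
    rm -rf "$dir"
}

demo
```

Only the CA certificate needs to be copied to the server; the CA private key is needed only when signing new client certificates.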
