nxmehta Posted June 3, 2013 Report Share Posted June 3, 2013 Has anyone managed to setup Apache so that you can access the web UI through a reverse proxy? Everything I've tried just redirects me to /gui and I can't get it to work.This would be very useful to have because I would like to access the web UI through SSL via my own webserver. Thanks for any help. Quote Link to comment Share on other sites More sharing options...
nxmehta Posted June 3, 2013 Author Report Share Posted June 3, 2013 Well, tried a little harder and it sorta works. This was the magic incantation that worked for me: RewriteRule ^/btsync$ /gui/ [R] RewriteRule ^/btsync/ /gui/ [R] RewriteRule ^/gui$ /gui/ [R] ProxyPass /gui/ http://localhost:8888/gui/ <Location /gui/> ProxyPassReverse http://localhost:8888/gui/ Order Allow,Deny Allow from All </Location>It redirects /btsync to /gui but at least it works. Hope that helps someone out there. Quote Link to comment Share on other sites More sharing options...
Disappointed Cat Posted June 3, 2013 Report Share Posted June 3, 2013 The webUI supports SSL. Am I the only one who tried it without hacking around first? Although to change the certificate to your own you have to edit the settings.dat file manually,and it doesn't log failed login attempts so it can't be hooked up with fail2ban. Quote Link to comment Share on other sites More sharing options...
stallemanden Posted June 3, 2013 Report Share Posted June 3, 2013 The webUI supports SSL. Am I the only one who tried it without hacking around first? Although to change the certificate to your own you have to edit the settings.dat file manually,and it doesn't log failed login attempts so it can't be hooked up with fail2ban.And you don't consider that a hack ?Might just be me, but I've nothing but failed to create a new settings.dat that actually works. Quote Link to comment Share on other sites More sharing options...
Disappointed Cat Posted June 3, 2013 Report Share Posted June 3, 2013 I don't. It's just inconvenient configuration.Things to look out for:- Using (BEGIN|END) RSA PRIVATE KEY instead of just (BEGIN|END) PRIVATE KEY- Windows EOL conversion and so the length of the blockYou could also use a bencode editor. Quote Link to comment Share on other sites More sharing options...
stallemanden Posted June 3, 2013 Report Share Posted June 3, 2013 Things to look out for:- Using (BEGIN|END) RSA PRIVATE KEY instead of just (BEGIN|END) PRIVATE KEY- Windows EOL conversion and so the length of the blockMeaning ?I've been trying for like 10 times now, using BEncode EditorEvery time with no luck Quote Link to comment Share on other sites More sharing options...
Disappointed Cat Posted June 3, 2013 Report Share Posted June 3, 2013 I used Notepad++.* Insert the certificate text after selfcertLEN: - after removing the original of course.* Apply unix EOL conversion.* Then select the inserted text (including the last new line) and write the length after 'selfcert' and before the ':'.(The status bar will show how many characters you selected.)Like this - first the public, then the private key:selfcert1880:-----BEGIN CERTIFICATE-----...-----END CERTIFICATE----------BEGIN RSA PRIVATE KEY-----...-----END RSA PRIVATE KEY-----As for the RSA part: It didn't work for me if I only wrote BEGIN and END PRIVATE KEY as it is in the original file.Edit: You did try to access it via https://host:8888/ right?If you want to ommit the port you'd need to change the webUI's listening port to 443,assuming it wouldn't collide with your webserver. Quote Link to comment Share on other sites More sharing options...
nxmehta Posted June 3, 2013 Author Report Share Posted June 3, 2013 There are many other reasons to want to access the Web UI through a reverse proxy other than just enabling SSL. You could enable many other types of authentication, for example.Editing a binary file to embed a cert is... not a great configuration methodology. Quote Link to comment Share on other sites More sharing options...
Disappointed Cat Posted June 3, 2013 Report Share Posted June 3, 2013 Indeed. Thanks for bringing it up.I just switched to it so I can use my global base auth configuration with fail2ban.If anyone is interested in this, here's how:* Configure base auth like you'd normally do in a location or directory block.* Send btsync a static auth header: STRING=BASE64(user:pass)AuthUserFile /etc/apache2/htpasswdAuthGroupFile /etc/apache2/htgroupAuthName "asdfs"AuthType BasicRequire group adminRequestHeader set Authorization "Basic STRING"This also sort of eliminates the problem of btsync stroring passwords in clear text. Listening on localhost only..You can set it to any dumb thing and just authenticate over the proxy. Quote Link to comment Share on other sites More sharing options...
Disappointed Cat Posted June 3, 2013 Report Share Posted June 3, 2013 I also tried to rewrite /btsync to /gui without luck.All I could come up with is simplifying your code:Redirect /btsync /gui<Location /gui> ProxyPass http://127.0.0.1:8888/gui ProxyPassReverse http://127.0.0.1:8888/gui ... Quote Link to comment Share on other sites More sharing options...
Shot2 Posted July 8, 2013 Report Share Posted July 8, 2013 No luck either with Cherokee's HTTP reverse proxy, all I ever get is HTTP 400 Bad Request... Quote Link to comment Share on other sites More sharing options...
dale2507 Posted July 29, 2013 Report Share Posted July 29, 2013 I think I've come up with the best solution for this. The WebUI automatically configures itself for the url you are using provided it is still at someurl/gui/So here is my solution:ProxyPass /btsync/gui/ http://127.0.0.1:8888/gui/ProxyPassReverse /btsync/gui/ http://127.0.0.1:8888/gui/Redirect permanent /btsync /btsync/gui/And for those interested here is the code in the WebUI where I discovered this:var urlBase = window.location.pathname.split("/gui", 1)[0].replace(/\/+$/, "");var guiBase = urlBase + "/gui/";var proxyBase = urlBase + "/proxy";Tested with v1.1.48 Quote Link to comment Share on other sites More sharing options...
Disappointed Cat Posted July 30, 2013 Report Share Posted July 30, 2013 But that only forwards /gui/ to BTSync's webserver. There probably will be other pages like /proxy, /api, etc.The problem when you try to pass-through everything is that Apache loads the proxy directive before the redirect directive.I tried ProxyPassMatch, RewriteRule [P], and who knows what else. The final solution was this:<Location /btsync>ProxyPass http://127.0.0.1:5030ProxyPassReverse http://127.0.0.1:5030RewriteEngine onRewriteCond %{REQUEST_URI} ^/btsync(/|/gui)?$RewriteRule ^ /btsync/gui/ [L,R=301]# Auth, etc, ....</Location>This way /btsync, /btsync/, /btsync/gui, /btsync/gui/ all work while forwarding everything.Can you make it nicer? Quote Link to comment Share on other sites More sharing options...
Shot2 Posted October 14, 2013 Report Share Posted October 14, 2013 Months go by and still no luck. Still stuck with this dumb "/gui/" (talk of a non-informative url...) At least, please consider providing a configuration option for that base directory (e.g. in the .conf file, under the webui section), something along these lines:"webui" : { "listen" : "127.0.0.1:8888", "login" : "username", "password" : "userpassword", "basedir" : "btsyncGUI" }so that the webui becomes accessible (and reverse-proxyable) at "http://127.0.0.1:8888/btsyncGUI/" Shouldn't be rocket science... Quote Link to comment Share on other sites More sharing options...
nxmehta Posted October 14, 2013 Author Report Share Posted October 14, 2013 Months go by and still no luck. Still stuck with this dumb "/gui/" (talk of a non-informative url...) At least, please consider providing a configuration option for that base directory (e.g. in the .conf file, under the webui section), something along these lines:"webui" : { "listen" : "127.0.0.1:8888", "login" : "username", "password" : "userpassword", "basedir" : "btsyncGUI" }so that the webui becomes accessible (and reverse-proxyable) at "http://127.0.0.1:8888/btsyncGUI/" Shouldn't be rocket science... I posted instructions for making this work using nginx here: http://forum.bittorrent.com/topic/20710-nginx-as-reverse-proxy-for-the-config-page/#entry66870 It's been working great for me. Quote Link to comment Share on other sites More sharing options...
Shot2 Posted October 14, 2013 Report Share Posted October 14, 2013 Good for you... Still, can't make it work with Cherokee (cf. my previous posts). Quote Link to comment Share on other sites More sharing options...
Disappointed Cat Posted October 14, 2013 Report Share Posted October 14, 2013 Just change the RewriteRule line to RewriteRule ^ /btsync/gui/en/index.html [L,R=301] in my last example.It does an ugly JS redirection which is hard to handle without overriding and redirecting /gui as well.Other than that, everything should work fine.P.S: The new rewrite rule does not apply to all versions. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.