[cmik]

sudo service apache2 restartTo use Apache as an SSL proxy :
- You will need an Apache server accessible from your Kodi system.
- You will need to access ssh to your Kodi system and be able to make changes to /etc/hosts file.

In my case, I use Kodi on a raspberry pi (computer A) and have an Apache server on another raspberry (computer B).

On computer B (Apache):
1. enable ssl and proxy on Apache server:

ssh:
$ sudo a2enmod ssl

$ sudo a2enmod proxy

$ sudo a2enmod proxy_http

2. create SSL certificate :

ssh:
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt

ssh:
$ sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

see step one of this article : https://www.digitalocean.com/community/t...untu-16-04

3. create a virtual host :

ssh:
$ sudo nano /etc/apache2/sites-enabled/default-ssl.conf

with content :

xml:
<IfModule mod_ssl.c>

        <VirtualHost *:443>

                ServerName o2-i.akamaihd.net



                ErrorLog ${APACHE_LOG_DIR}/error.log

                CustomLog ${APACHE_LOG_DIR}/access.log combined



                SSLEngine on

                SSLProxyEngine on

                SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt

                SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key

                SSLCertificateChainFile /etc/ssl/certs/dhparam.pem



                ProxyRequests Off

                <Proxy *>

                        AllowOverride all

                        Order deny,allow

                        Allow from all

                </Proxy>



                ProxyErrorOverride On

                ProxyPreserveHost On



                RequestHeader unset Icy-MetaData

                RequestHeader unset User-Agent

                RequestHeader append User-Agent "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0"



                ProxyPass / https://o2-i.akamaihd.net/

                ProxyPassReverse / https://o2-i.akamaihd.net/



                <Location />

                        Order allow,deny

                        Allow from all

                </Location>

        </VirtualHost>

</IfModule>

ssh:
$ sudo service apache2 restart

On computer A (Kodi):
4. modify /etc/hosts and make the host o2-i.akamaihd.net point to address ip of your machine B (ex : 192.168.0.25):

Code:

192.168.0.25    o2-i.akamaihd.net

I couldn't get this to work on Apache, it wouldn't even start once I load the configuration file, it immediately crashes when I do 

ssh:
sudo service apache2 restart

. Apache won't start until I remove the config file.

The apache error log only gives this:

xml:
[Sat Nov 17 12:05:38.195003 2018] [ssl:warn] [pid 26:tid 140268903777472] AH01909: 172.17.0.2:443:0 server certificate does NOT include an ID which matches the server name

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message

[Sat Nov 17 12:05:38.217427 2018] [ssl:warn] [pid 26:tid 140268903777472] AH01909: 172.17.0.2:443:0 server certificate does NOT include an ID which matches the server name

[Sat Nov 17 12:05:38.219076 2018] [mpm_event:notice] [pid 26:tid 140268903777472] AH00489: Apache/2.4.25 (Debian) OpenSSL/1.0.2l configured -- resuming normal operations

[Sat Nov 17 12:05:38.221437 2018] [core:notice] [pid 26:tid 140268903777472] AH00094: Command line: '/usr/sbin/apache2 -D FOREGROUND'

[Sat Nov 17 12:11:14.775481 2018] [mpm_event:notice] [pid 26:tid 140268903777472] AH00491: caught SIGTERM, shutting down

I also wonder what port will Kodi hit when it hits Apache, will it go straight to 443? The hosts file looks to me that it goes to port 80, but it's not configured in Apache? [emoji848]

It is 443 (https).
Check if you have SSL enabled (with Listen 443 in ports.conf file) and headers also which I’ve forgotten in my post.