2018-11-17, 15:41
(2018-11-17, 14:50)cmik Wrote:(2018-11-17, 14:28)markv Wrote:(2018-11-13, 21:49)cmik Wrote: sudo service apache2 restartTo use Apache as an SSL proxy :
- You will need an Apache server accessible from your Kodi system.
- You will need to access ssh to your Kodi system and be able to make changes to /etc/hosts file.
In my case, I use Kodi on a raspberry pi (computer A) and have an Apache server on another raspberry (computer B).
On computer B (Apache):
1. enable ssl and proxy on Apache server:
ssh:$ sudo a2enmod ssl
$ sudo a2enmod proxy
$ sudo a2enmod proxy_http
2. create SSL certificate :
ssh:$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt
see step one of this article : https://www.digitalocean.com/community/t...untu-16-04ssh:$ sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
3. create a virtual host :
with content :ssh:$ sudo nano /etc/apache2/sites-enabled/default-ssl.conf
xml:<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName o2-i.akamaihd.net
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
SSLCertificateChainFile /etc/ssl/certs/dhparam.pem
ProxyRequests Off
<Proxy *>
AllowOverride all
Order deny,allow
Allow from all
</Proxy>
ProxyErrorOverride On
ProxyPreserveHost On
RequestHeader unset Icy-MetaData
RequestHeader unset User-Agent
RequestHeader append User-Agent "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0"
ProxyPass / https://o2-i.akamaihd.net/
ProxyPassReverse / https://o2-i.akamaihd.net/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
</IfModule>ssh:$ sudo service apache2 restart
On computer A (Kodi):
4. modify /etc/hosts and make the host o2-i.akamaihd.net point to address ip of your machine B (ex : 192.168.0.25):
Code:192.168.0.25 o2-i.akamaihd.net
I couldn't get this to work on Apache, it wouldn't even start once I load the configuration file, it immediately crashes when I do. Apache won't start until I remove the config file.ssh:sudo service apache2 restart
The apache error log only gives this:
xml:[Sat Nov 17 12:05:38.195003 2018][ssl:warn][pid 26:tid 140268903777472] AH01909: 172.17.0.2:443:0 server certificate does NOT include an ID which matches the server name
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[Sat Nov 17 12:05:38.217427 2018][ssl:warn][pid 26:tid 140268903777472] AH01909: 172.17.0.2:443:0 server certificate does NOT include an ID which matches the server name
[Sat Nov 17 12:05:38.219076 2018][mpm_event:notice][pid 26:tid 140268903777472] AH00489: Apache/2.4.25 (Debian) OpenSSL/1.0.2l configured -- resuming normal operations
[Sat Nov 17 12:05:38.221437 2018][core:notice][pid 26:tid 140268903777472] AH00094: Command line: '/usr/sbin/apache2 -D FOREGROUND'
[Sat Nov 17 12:11:14.775481 2018][mpm_event:notice][pid 26:tid 140268903777472] AH00491: caught SIGTERM, shutting down
I also wonder what port will Kodi hit when it hits Apache, will it go straight to 443? The hosts file looks to me that it goes to port 80, but it's not configured in Apache? [emoji848]
It is 443 (https).
Check if you have SSL enabled (with Listen 443 in ports.conf file) and headers also which I’ve forgotten in my post.
Thanks for the quick response, it still wouldn't work, I believe I've enabled all the modules you've stated
xml:
root@f0cd383339df:~# a2enmod ssl
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Module socache_shmcb already enabled
Module ssl already enabled
root@f0cd383339df:~# a2enmod proxy
Module proxy already enabled
root@f0cd383339df:~# a2enmod proxy_http
Considering dependency proxy for proxy_http:
Module proxy already enabled
Module proxy_http already enabled
root@f0cd383339df:~# a2enmod headers
Module headers already enabled
root@f0cd383339df:~# service apache2 reload
[FAIL] Reloading Apache httpd web server: apache2 failed!
[warn] The apache2 configtest failed. Not doing anything. ... (warning).
Output of config test was:
AH00526: Syntax error on line 2 of /etc/apache2/sites-enabled/default-ssl.conf:
Invalid command '\xc2\xa0', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.
The Apache error log may have more information.
root@f0cd383339df:~#
I only did reload just so it wouldn't crash, apache wouldn't start again without it getting fixed first.
and ports.conf looks ok:
xml:
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>