[markv]

sudo service apache2 restartTo use Apache as an SSL proxy :
- You will need an Apache server accessible from your Kodi system.
- You will need to access ssh to your Kodi system and be able to make changes to /etc/hosts file.

In my case, I use Kodi on a raspberry pi (computer A) and have an Apache server on another raspberry (computer B).

On computer B (Apache):
1. enable ssl and proxy on Apache server:

ssh:
$ sudo a2enmod ssl

$ sudo a2enmod proxy

$ sudo a2enmod proxy_http

2. create SSL certificate :

ssh:
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt

ssh:
$ sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

see step one of this article : https://www.digitalocean.com/community/t...untu-16-04

3. create a virtual host :

ssh:
$ sudo nano /etc/apache2/sites-enabled/default-ssl.conf

with content :

xml:
<IfModule mod_ssl.c>

        <VirtualHost *:443>

                ServerName o2-i.akamaihd.net



                ErrorLog ${APACHE_LOG_DIR}/error.log

                CustomLog ${APACHE_LOG_DIR}/access.log combined



                SSLEngine on

                SSLProxyEngine on

                SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt

                SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key

                SSLCertificateChainFile /etc/ssl/certs/dhparam.pem



                ProxyRequests Off

                <Proxy *>

                        AllowOverride all

                        Order deny,allow

                        Allow from all

                </Proxy>



                ProxyErrorOverride On

                ProxyPreserveHost On



                RequestHeader unset Icy-MetaData

                RequestHeader unset User-Agent

                RequestHeader append User-Agent "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0"



                ProxyPass / https://o2-i.akamaihd.net/

                ProxyPassReverse / https://o2-i.akamaihd.net/



                <Location />

                        Order allow,deny

                        Allow from all

                </Location>

        </VirtualHost>

</IfModule>

ssh:
$ sudo service apache2 restart

On computer A (Kodi):
4. modify /etc/hosts and make the host o2-i.akamaihd.net point to address ip of your machine B (ex : 192.168.0.25):

Code:

192.168.0.25    o2-i.akamaihd.net

I couldn't get this to work on Apache, it wouldn't even start once I load the configuration file, it immediately crashes when I do 

ssh:
sudo service apache2 restart

. Apache won't start until I remove the config file.

The apache error log only gives this:

xml:
[Sat Nov 17 12:05:38.195003 2018][ssl:warn][pid 26:tid 140268903777472] AH01909: 172.17.0.2:443:0 server certificate does NOT include an ID which matches the server name

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message

[Sat Nov 17 12:05:38.217427 2018][ssl:warn][pid 26:tid 140268903777472] AH01909: 172.17.0.2:443:0 server certificate does NOT include an ID which matches the server name

[Sat Nov 17 12:05:38.219076 2018][mpm_event:notice][pid 26:tid 140268903777472] AH00489: Apache/2.4.25 (Debian) OpenSSL/1.0.2l configured -- resuming normal operations

[Sat Nov 17 12:05:38.221437 2018][core:notice][pid 26:tid 140268903777472] AH00094: Command line: '/usr/sbin/apache2 -D FOREGROUND'

[Sat Nov 17 12:11:14.775481 2018][mpm_event:notice][pid 26:tid 140268903777472] AH00491: caught SIGTERM, shutting down

I also wonder what port will Kodi hit when it hits Apache, will it go straight to 443? The hosts file looks to me that it goes to port 80, but it's not configured in Apache? [emoji848] 

It is 443 (https).
Check if you have SSL enabled (with Listen 443 in ports.conf file) and headers also which I’ve forgotten in my post.  

 
Thanks for the quick response, it still wouldn't work, I believe I've enabled all the modules you've stated

xml:


root@f0cd383339df:~# a2enmod ssl

Considering dependency setenvif for ssl:

Module setenvif already enabled

Considering dependency mime for ssl:

Module mime already enabled

Considering dependency socache_shmcb for ssl:

Module socache_shmcb already enabled

Module ssl already enabled

root@f0cd383339df:~# a2enmod proxy

Module proxy already enabled

root@f0cd383339df:~# a2enmod proxy_http

Considering dependency proxy for proxy_http:

Module proxy already enabled

Module proxy_http already enabled

root@f0cd383339df:~# a2enmod headers

Module headers already enabled

root@f0cd383339df:~# service apache2 reload

[FAIL] Reloading Apache httpd web server: apache2 failed!

[warn] The apache2 configtest failed. Not doing anything. ... (warning).

Output of config test was:

AH00526: Syntax error on line 2 of /etc/apache2/sites-enabled/default-ssl.conf:

Invalid command '\xc2\xa0', perhaps misspelled or defined by a module not included in the server configuration

Action 'configtest' failed.

The Apache error log may have more information.

root@f0cd383339df:~#

I only did reload just so it wouldn't crash, apache wouldn't start again without it getting fixed first.


and ports.conf looks ok:

xml:


Listen 80



<IfModule ssl_module>

    Listen 443

</IfModule>



<IfModule mod_gnutls.c>

    Listen 443

</IfModule>