Organizing web services (webmin, logitech media server) and SSL apache


I don’t like having to remember ports for various services, so I followed the guide at http://www.webmin.com/apache.html to add webmin to a directory rather than port 10000.

So first install the libapache2-mod-proxy-html package, then activate the headers, proxy, proxy_html and proxy_http modules. I did that from within webmin. Then add the following to /etc/apache2/httpd.conf:

SSLProxyEngine On
ProxyPass /webmin/ https://localhost:10000/
ProxyPassReverse /webmin/ https://localhost:10000/
<Proxy *>
allow from all
</Proxy>

Add the lines webprefix=/webmin and webprefixnoredir=1 to /etc/webmin/config.

In /etc/webmin/config, add the line referer=apachehost, where apachehost is the hostname from the URL used to access Webmin via Apache. If the referer line already has some hosts listed, add apachehost to it.

Re-start Apache to apply the configuration.

Unfortunately that didn’t work for me, since my webmin is purely ssl, I also have to enable ssl for apache:

sudo a2enmod ssl
sudo a2ensite default-ssl
cd ~/Documents
sudo openssl genrsa -aes256 -out server.key 4096
sudo openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key
sudo openssl req -new -key server.key -out server.csr
sudo openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
sudo cp server.crt /etc/ssl/certs
sudo cp server.key /etc/ssl/private

You then need to edit /etc/apache2/sites-available/default-ssl to make sure the following is set:

SSLCertificateFile /etc/ssl/certs/server.key
SSLCertificateKeyFile /etc/ssl/private/server.key

From within webmin, you also want to set the same certificates. It is under Webmin Configuration->SSL Encryption.

Private key file: /etc/ssl/private/server.key
Certificate file: /etc/ssl/certs/server.key

Then reload the servers:

sudo service apache2 restart
sudo server webmin restart

On a separate post I’ll show how to use a free StartSSL certificate to get rid of the certificate errors upon connection.

While apache is a good way to make this happen, there is what I think a better way with nginx. Here is the process:

sudo apt update && sudo apt dist-upgrade && sudo apt autoremove
sudo apt install nginx

Nginx is already running, check it with: sudo systemctl status nginx

I added a new site configuration file at /etc/nginx/sites-available/service-proxies

# Default server configuration
#
server {
        # SSL configuration

        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;

        ssl_certificate /opt/dehydrated/certs/domain.tld/fullchain.pem;
        ssl_certificate_key /opt/dehydrated/certs/domain.tld/privkey.pem;

        server_name domain.tld;

        include         /etc/nginx/proxy_params;
        access_log  /var/log/nginx/access.log;

        location /tvheadend/ {
                proxy_pass      http://localhost:9981/;
                sub_filter "http://domain.tld/" "http://domain.tld/tvheadend/";
                sub_filter_once off;
        }

        location /kodiweb/ {
                proxy_pass      http://localhost:8080/;
                sub_filter "http://domain.tld/" "http://domain.tld/kodiweb/";
                sub_filter_once off;
        }

        location /service3/ {
                proxy_pass      http://localhost:12345/;
                sub_filter "http://domain.tld/" "http://domain.tld/service3/";
                sub_filter_once off;
        }
}

Leave a Reply

Your email address will not be published.