apache redirect

[fireport]

Dear all,
I have a domoticz installation on a Linux machine and I would like to access it via the internet.
I already have an apache server that is accessible from the outside on port 443.
The server exposes services using url like https://domain/[service] so to configure webserver to provide a page at the link https://domain/domoticz.
Can someone help me ?
Thanks

[sancla]

Hi fireport,

Not really sure what you are asking exactly but let me have a shot at it...

I am guessing that your Domoticz installation is running on port 8080.
Next is the IP address your Domoticz is running at, for example 192.168.1.123.

To be able to reach Domoticz from outside (from the internet), you need to configure a NAT port forward to that IP address for port 8080 on your internet router.

Now, domain names...
A domain name is based on DNS. DNS is like a phonebook, it translate a website like domoticz.com to the IP address 146.185.159.228.
My advice, skip the DNS/domain part for now, it can get difficult very fast...


However...
Domoticz advises you not to work with port forwards and to expose your Domoticz installation to the internet.
It is simply not safe enough at this moment and Domoticz is not designed for this.
Take a look at the advice of waaren below regarding OpenVPN. It's well worth the investment digging into that subject...

[waaren]

I have a domoticz installation on a Linux machine and I would like to access it via the internet.

Using openVPN would be an option for this.

[gordonb3]

1. Change the http root of domoticz by adding command line option `-webroot domoticz`
   note: this will cause the Domoticz internal webserver to return an error when you call it without referencing that folder as part of the URI
2. Add the following directive to your Apache ssl host configuration:

   Code: Select all

           <Location /domoticz>
                   DirectoryIndex disabled
                   RewriteEngine On
                   RewriteCond %{SSL:SSL_CLIENT_VERIFY} ^SUCCESS$
                   RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-f
                   RewriteRule ^/home/web/ssl-site/(.*)$ http://127.0.0.1:8080/$1 [NE,P,L]
           </Location>
   

   note: the SSL entry is for x509 authentication. I suggest you use that, but you can leave it out for testing.
3. following is an example additional vhost for your internal network that will allow direct access without needing to know the webroot parameter:

   Code: Select all

   <VirtualHost 192.168.10.1:80>
           ServerAdmin webmaster@localhost
           ServerName domoticz.homenet.local
           ServerAlias domoticz
   
           ErrorLog /var/log/apache2/domoticz-error.log
           CustomLog /var/log/apache2/domoticz-access.log combined
           ServerSignature On
   
           RewriteEngine on
           RewriteRule ^/$ /domoticz/ [R,L]
           RewriteRule ^/#.*$ /domoticz/ [R,L]
           RewriteCond %{REMOTE_ADDR} !^192\.168\.10\.1$
           RewriteCond %{REMOTE_ADDR} ^192\.168\.10\.
           RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-f
           RewriteRule ^/(.*)$ http://%{HTTP_HOST}:8080/$1 [NE,P,L]
   </VirtualHost>
   

[fireport]

Thanks fro your reply gordonb3, but something doesn't work.
After adding the webroot directive internal domoticz webserver correctly reply to internal url http://ip/domoticz/ but when i tried accessing it using the url http://external-ip/domoticz apache reply with error 404 and in the log i find the following entries:

Code: Select all

[Mon Jan 06 16:19:00.160148 2020] [core:info] [pid 3825925:tid 140113323095808] [client 192.168.1.1:56152] AH00128: File does not exist: /var/www/html/domoticz/
192.168.1.1 - - [06/Jan/2020:16:19:00 +0100] "GET /domoticz/ HTTP/1.1" 404 196

Any help wil be appreciated

[gordonb3]

I thought you said it was https?

Anyway, I think you may be missing mod_proxy in your configuration.

[fireport]

Sorry gordonb3, i did a mistake writing the post.
The url that i used was https://domain/domoticz
Modproxy is loaded

Code: Select all

[root@linux httpd]# tail -f ssl_error_log|grep domo
[Tue Jan 07 10:19:45.246446 2020] [core:info] [pid 3828099:tid 140662829725440] [client 85.159.196.228:39790] AH00128: File does not exist: /var/www/html/domoticz/

Code: Select all

[root@linux httpd]# httpd -M|grep proxy
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using ::1. Set the 'ServerName' directive globally to suppress this message
 proxy_module (shared)
 proxy_ajp_module (shared)
 proxy_balancer_module (shared)
 proxy_connect_module (shared)
 proxy_express_module (shared)
 proxy_fcgi_module (shared)
 proxy_fdpass_module (shared)
 proxy_ftp_module (shared)
 proxy_http_module (shared)
 proxy_hcheck_module (shared)
 proxy_scgi_module (shared)
 proxy_uwsgi_module (shared)
 proxy_wstunnel_module (shared)
 proxy_http2_module (shared)

[gordonb3]

Is that a Debian derived system? It's possible that they custom patched the Apache source files to cause a somewhat different behaviour. May also want to double check that you have mod_rewrite included as well, but seeing that long list of proxy (sub)modules that will most likely be the case.

One thing you could try is change the root reference in the last RewriteRule to be relative to webroot. i.e. change it to

Code: Select all

RewriteRule ^(.*)$ http://127.0.0.1:8080/$1 [NE,P,L]

[fireport]

Sorry, but also second suggestion doesn't work.
I'm wondering why apache tries to connect to /var/www/html/domoticz/ instead of http://127.0.0.1:8080/domoticz

Code: Select all

[Tue Jan 07 19:22:15.051009 2020] [core:info] [pid 27558:tid 139700547331840] [client 192.168.1.1:37176] AH00128: File does not exist: /var/www/html/domoticz/ 
192.168.1.1 - - [07/Jan/2020:19:22:15 +0100] "GET /domoticz/ HTTP/1.1" 404 196
[07/Jan/2020:19:22:15 +0100] 192.168.1.1 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET /domoticz/ HTTP/1.1" 196

[gordonb3]

Well, that's not a big mystery. It means that the rewrite is not processed (correctly) and thus it tries to find the file from the URI within the regular web root.

Did you try create the internal vhost as suggested in the #3 example? This could help identify whether the issue is caused by some other setting in your SSL enabled vhost or in the rewrite method itself.

[fireport]

Hi gordonb3,
thanks for your effort.
I solved my problem using this configuration:

Code: Select all

ProxyPass /domoticz/json  ws://127.0.0.1:8080/domoticz/json
ProxyPassReverse /domoticz/json ws://127.0.0.1:8080/domoticz/json
ProxyPass /domoticz http://127.0.0.1:8080/domoticz
ProxyPassReverse /domoticz http://127.0.0.1:8080/domoticz

Now i can access domoticz using https//external-ip/domoticz.
Your suggestion about webroot was very precious.