Page 1 of 1
apache redirect
Posted: Saturday 04 January 2020 19:16
by fireport
Dear all,
I have a domoticz installation on a Linux machine and I would like to access it via the internet.
I already have an apache server that is accessible from the outside on port 443.
The server exposes services using url like
https://domain/[service] so to configure webserver to provide a page at the link
https://domain/domoticz.
Can someone help me ?
Thanks
Re: apache redirect
Posted: Saturday 04 January 2020 19:31
by sancla
Hi fireport,
Not really sure what you are asking exactly but let me have a shot at it...
I am guessing that your Domoticz installation is running on port 8080.
Next is the IP address your Domoticz is running at, for example 192.168.1.123.
To be able to reach Domoticz from outside (from the internet), you need to configure a NAT port forward to that IP address for port 8080 on your internet router.
Now, domain names...
A domain name is based on DNS. DNS is like a phonebook, it translate a website like domoticz.com to the IP address 146.185.159.228.
My advice, skip the DNS/domain part for now, it can get difficult very fast...
However...
Domoticz advises you not to work with port forwards and to expose your Domoticz installation to the internet.
It is simply not safe enough at this moment and Domoticz is not designed for this.
Take a look at the advice of waaren below regarding OpenVPN. It's well worth the investment digging into that subject...
Re: apache redirect
Posted: Saturday 04 January 2020 19:47
by waaren
fireport wrote: ↑Saturday 04 January 2020 19:16
I have a domoticz installation on a Linux machine and I would like to access it via the internet.
Using
openVPN would be an option for this.
Re: apache redirect
Posted: Saturday 04 January 2020 22:24
by gordonb3
- Change the http root of domoticz by adding command line option `-webroot domoticz`
note: this will cause the Domoticz internal webserver to return an error when you call it without referencing that folder as part of the URI
- Add the following directive to your Apache ssl host configuration:
Code: Select all
<Location /domoticz>
DirectoryIndex disabled
RewriteEngine On
RewriteCond %{SSL:SSL_CLIENT_VERIFY} ^SUCCESS$
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-f
RewriteRule ^/home/web/ssl-site/(.*)$ http://127.0.0.1:8080/$1 [NE,P,L]
</Location>
- following is an example additional vhost for your internal network that will allow direct access without needing to know the webroot parameter:
Code: Select all
<VirtualHost 192.168.10.1:80>
ServerAdmin webmaster@localhost
ServerName domoticz.homenet.local
ServerAlias domoticz
ErrorLog /var/log/apache2/domoticz-error.log
CustomLog /var/log/apache2/domoticz-access.log combined
ServerSignature On
RewriteEngine on
RewriteRule ^/$ /domoticz/ [R,L]
RewriteRule ^/#.*$ /domoticz/ [R,L]
RewriteCond %{REMOTE_ADDR} !^192\.168\.10\.1$
RewriteCond %{REMOTE_ADDR} ^192\.168\.10\.
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-f
RewriteRule ^/(.*)$ http://%{HTTP_HOST}:8080/$1 [NE,P,L]
</VirtualHost>
Re: apache redirect
Posted: Monday 06 January 2020 16:24
by fireport
Thanks fro your reply gordonb3, but something doesn't work.
After adding the webroot directive internal domoticz webserver correctly reply to internal url
http://ip/domoticz/ but when i tried accessing it using the url
http://external-ip/domoticz apache reply with error 404 and in the log i find the following entries:
Code: Select all
[Mon Jan 06 16:19:00.160148 2020] [core:info] [pid 3825925:tid 140113323095808] [client 192.168.1.1:56152] AH00128: File does not exist: /var/www/html/domoticz/
192.168.1.1 - - [06/Jan/2020:16:19:00 +0100] "GET /domoticz/ HTTP/1.1" 404 196
Any help wil be appreciated
Re: apache redirect
Posted: Monday 06 January 2020 18:50
by gordonb3
I thought you said it was https?
Anyway, I think you may be missing mod_proxy in your configuration.
Re: apache redirect
Posted: Tuesday 07 January 2020 10:24
by fireport
Sorry gordonb3, i did a mistake writing the post.
The url that i used was
https://domain/domoticz
Modproxy is loaded
Code: Select all
[root@linux httpd]# tail -f ssl_error_log|grep domo
[Tue Jan 07 10:19:45.246446 2020] [core:info] [pid 3828099:tid 140662829725440] [client 85.159.196.228:39790] AH00128: File does not exist: /var/www/html/domoticz/
Code: Select all
[root@linux httpd]# httpd -M|grep proxy
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using ::1. Set the 'ServerName' directive globally to suppress this message
proxy_module (shared)
proxy_ajp_module (shared)
proxy_balancer_module (shared)
proxy_connect_module (shared)
proxy_express_module (shared)
proxy_fcgi_module (shared)
proxy_fdpass_module (shared)
proxy_ftp_module (shared)
proxy_http_module (shared)
proxy_hcheck_module (shared)
proxy_scgi_module (shared)
proxy_uwsgi_module (shared)
proxy_wstunnel_module (shared)
proxy_http2_module (shared)
Re: apache redirect
Posted: Tuesday 07 January 2020 18:04
by gordonb3
Is that a Debian derived system? It's possible that they custom patched the Apache source files to cause a somewhat different behaviour. May also want to double check that you have mod_rewrite included as well, but seeing that long list of proxy (sub)modules that will most likely be the case.
One thing you could try is change the root reference in the last RewriteRule to be relative to webroot. i.e. change it to
Code: Select all
RewriteRule ^(.*)$ http://127.0.0.1:8080/$1 [NE,P,L]
Re: apache redirect
Posted: Tuesday 07 January 2020 19:28
by fireport
Sorry, but also second suggestion doesn't work.
I'm wondering why apache tries to connect to /var/www/html/domoticz/ instead of
http://127.0.0.1:8080/domoticz
Code: Select all
[Tue Jan 07 19:22:15.051009 2020] [core:info] [pid 27558:tid 139700547331840] [client 192.168.1.1:37176] AH00128: File does not exist: /var/www/html/domoticz/
192.168.1.1 - - [07/Jan/2020:19:22:15 +0100] "GET /domoticz/ HTTP/1.1" 404 196
[07/Jan/2020:19:22:15 +0100] 192.168.1.1 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET /domoticz/ HTTP/1.1" 196
Re: apache redirect
Posted: Tuesday 07 January 2020 20:50
by gordonb3
Well, that's not a big mystery. It means that the rewrite is not processed (correctly) and thus it tries to find the file from the URI within the regular web root.
Did you try create the internal vhost as suggested in the #3 example? This could help identify whether the issue is caused by some other setting in your SSL enabled vhost or in the rewrite method itself.
Re: apache redirect [SOLVED]
Posted: Wednesday 08 January 2020 21:35
by fireport
Hi gordonb3,
thanks for your effort.
I solved my problem using this configuration:
Code: Select all
ProxyPass /domoticz/json ws://127.0.0.1:8080/domoticz/json
ProxyPassReverse /domoticz/json ws://127.0.0.1:8080/domoticz/json
ProxyPass /domoticz http://127.0.0.1:8080/domoticz
ProxyPassReverse /domoticz http://127.0.0.1:8080/domoticz
Now i can access domoticz using https//external-ip/domoticz.
Your suggestion about webroot was very precious.
