AlisterFiend
Aspirant
Jul 24, 2015
Solved

Need help creating a Virtual Host to forward web requests to another port

I am using my ReadyNAS to run Plex Media Server. In order to serve media to my Apple TV I use PlexConnect to interface between my ATV and Plex. It traps calls to trailers.apple.com allowing my media to play. The AppleTV makes calls on port 80 and PlexConnect runs on port 80.

 

Since I still need to run Apache on my NAS for the admin interface (installs, upgrades, maint, config, etc...) I am at odds.


I am new to Linux but have easily gotten PlexConnect to operate using ports 81 and 8443 as opposed to 80 and 443. What I do not know how to do is to configure Apache 2 to send web requests bound for trailers.apple.com as a virtual host on the same machine but different ports. So my issue is Apache 2 VirtualHost configuration.
To be clear, when my ATV sends a request to my NAS at 192.168.2.4:80 for the trailers.apple.com domain, I need Apache 2 to:
  • Recognize and answer that request
  • Forward it to a different port ( :81 ) on same IP
I have read that there is a ProxyPass statement but all examples say that is for a different machine.
How do I create the trailers.apple.com virtual host and how can I forward it?
Thank you in advance for any assistance.


ReadyNAS 516 Series 24Tb

  • Generally speaking, what you'd need are VHosts looking roughly like this:

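    # Plain HTTP: requests for this name on port 80 go to PlexConnect on port 81
    <VirtualHost *:80>
        ServerName  trailers.apple.com
        ProxyPass / http://192.168.2.4:81/
        ProxyPassReverse / http://192.168.2.4:81/
    </VirtualHost>

    # HTTPS: requests for this name on port 443 go to PlexConnect on port 8443
    <VirtualHost *:443>
        ServerName  trailers.apple.com
        AllowCONNECT 8443
        # Required before ProxyPass can target an https:// backend
        SSLProxyEngine On
        ProxyPass / https://192.168.2.4:8443/
        ProxyPassReverse / https://192.168.2.4:8443/
    </VirtualHost>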

    Maybe you also need to add "ProxyPreserveHost On" to the statements above. For proxying to work it doesn't matter whether the target is on the same or on a different host. Most examples just use a different host because that's the most common use case.

     

    Your major problem, however, will be to redirect requests for "trailers.apple.com" to the ReadyNAS in the first place, e.g. to make your ATV actually send the requests to the ReadyNAS. For that to work you'll either need a local DNS server and tell the ATV to use that one instead of whatever DNS server it is using by default or you need to add an entry for your ReadyNAS's IP to the local "/etc/hosts" file on the ATV.

3 Replies


    • miels
      Tutor

      I try to do something similar. Without touching my firewall / routing tables I'd like to be able to access several apps from the outside.

       

      • I can access the ReadyNas at https://home.myname.com (which redirects to the admin page)
      • I have several apps (like SabNZBd, Symform) that can be reached from within the LAN via http://mynas:<port>
      • I want to access those apps from the outside, for example via https://home.myname.com/appname on the default port (443 in this case)

      I guess something like this should be added to a VirtualHosts setting:

           ProxyPreserveHost On
           AllowCONNECT 59234
           ProxyPass /symform http://127.0.0.1:59234
           ProxyPassReverse /symform http://127.0.0.1:59234

       

      I've tried several files to add this code. Something did change when I added this in /etc/apache2/sites-enabled/000-fv-https (and restarted the apache service afterwards), but unfortunately I got a 501.

       

      (How) can this be done?

      Bonus question: What are the security risks / how to avoid those?

       

      • StephenB
        Guru - Experienced User

        miels wrote:

        (How) can this be done?


        I'll pass on this one.  Presently I forward ports in the NAS, and I am moving towards OpenVPN.  If I wanted to do this with a DDNS service, I'd probably go with a paid service that can forward 443 traffic to other ports (with a different DDNS name for each).  Then forward those other ports in my router.  Much easier than messing with the apache configuration, and less likely to create problems when updating firmware, etc.


        miels wrote:

         

        Bonus question: What are the security risks / how to avoid those?

         

        The main security risk is that the attack surface expands to include all the apps you expose.  All their vulnerabilities (whatever they are) are exposed to the internet.  The only way to really avoid this is to use a VPN  - then the attack surface is just the VPN.  Weak encryption, and most other vulnerabilities are easier to prevent if you do that.  All that's preventing me from going to OpenVPN 100%  is the lack of mobile device support (TUN) in the Netgear router's openvpn package.
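One way to narrow the exposure described above when an app is published under a path on the HTTPS virtual host, as an added example that is not part of the original thread or of the ReadyNAS's shipped configuration. It assumes mod_proxy, mod_proxy_http, mod_auth_basic, mod_authn_file and mod_authz_user are loaded; the password file path is a hypothetical placeholder, and the /symform path and port 59234 are taken from miels's post.

```apache
# Added example: place inside the existing <VirtualHost *:443> block so the
# credentials below are only ever sent over TLS.

# Reverse proxy only. Keeping forward proxying off stops outside clients
# from relaying arbitrary requests through the NAS.
ProxyRequests Off

# Trailing slashes match on both sides, so /symform/x maps to /x on the app.
# The target is loopback, so port 59234 needs no forward in the router.
ProxyPass        /symform/ http://127.0.0.1:59234/
ProxyPassReverse /symform/ http://127.0.0.1:59234/

<Location "/symform/">
    # Authenticate at the proxy, before any request reaches the app, so an
    # unauthenticated client cannot probe the app's own code.
    AuthType Basic
    AuthName "NAS apps"
    # Hypothetical placeholder path; create the file with the htpasswd tool
    # and keep it outside any directory Apache serves.
    AuthUserFile "/path/to/htpasswd-placeholder"
    Require valid-user
</Location>
```

This reduces what an unauthenticated client can reach to Apache itself; anyone who holds valid credentials still reaches the app and whatever vulnerabilities it has.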

         
