Hello, has anyone had success in running LibreTime behind a proxy, like Apache or nginx? Ideas and experiences welcome!
Hello,
Yes, running LibreTime behind a proxy works.
In our case, we have 3 instances of LibreTime running in 3 LXC containers behind proxies driven by Apache (see the example vhosts below).
The only problem that remains in our configuration is that with https, the content on the home page is not shown:
Blocage du chargement du contenu mixte actif (mixed active content) http://ourdomain.org/embed/weekly-program?style=premium
Blocage du chargement du contenu mixte actif (mixed active content) http://ourdomain.org/embed/player?stream=auto&style=premium
So for typical vhosts:
<VirtualHost ourip:80>
    ServerAdmin root@ourdomain.org
    ServerName airX.ourdomain.org
    ErrorLog ${APACHE_LOG_DIR}/airX-error.log
    CustomLog ${APACHE_LOG_DIR}/airX-access.log combined
    ProxyPreserveHost On
    ProxyRequests Off
    ProxyPass / http://10.0.3.188/
    # ProxyPassReverse takes the local path first, then the backend URL
    ProxyPassReverse / http://10.0.3.188/
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    RewriteEngine on
    # No space after "=": the pattern is an exact string comparison
    RewriteCond %{SERVER_NAME} =ourdomain.org
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>
and
<IfModule mod_ssl.c>
<VirtualHost ourip:443>
    ServerAdmin root@ourdomain.org
    ServerName airX.ourdomain.org
    ErrorLog ${APACHE_LOG_DIR}/airX-error.log
    CustomLog ${APACHE_LOG_DIR}/airX-access.log combined
    ProxyPreserveHost On
    ProxyRequests Off
    ProxyPass / http://10.0.3.188/
    ProxyPassReverse / http://10.0.3.188/
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    SSLEngine on
    # The SSLProxy* directives apply only to https:// backends;
    # the backend above is reached over http://
    SSLProxyEngine On
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/airX.ourdomain.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/airX.ourdomain.org/privkey.pem
</VirtualHost>
</IfModule>
The Let’s Encrypt SSL certificates remain on the 1st-level server; you can use a wildcard certificate to have only one for all the containers and subdomains.
++
b
Thanks!
Are you sure that you need the SSLProxy* directives? I don’t see why…
I can’t get it to work, have to look deeper. When I try to log in to LT through the proxy, I get the “Oops something went wrong” page after sending username and password…
Hi,
Not sure about the SSLProxy* directives, I’m not an Apache expert.
When I try to log in to LT through the proxy, I get the “Oops something went wrong” page after sending username and password…
So it must mean that your proxy configuration works.
The “Oops something went wrong” page is an error 500 of the server; it can have many causes. Maybe have a look at the Apache and Airtime logs (zend, rabbitmq and more): http://libretime.org/manual/troubleshooting/
My problem so far was the allowed CORS URLs. I’ve had to add the proxy host, makes sense. So, actually the only thing needed in apache.conf for the reverse proxy seems to be:
ProxyPass / http://my_internal_ip/
ProxyPassReverse / http://my_internal_ip/
Next step is to add SSL…
The reason for mixed content warnings when using SSL comes from
application/views/scripts/index/index.phtml
$this->stationUrl
returns the internal URL of the server behind the proxy. Unless you use SSL also behind the proxy, you’ll have http here instead of https.
Yeah there is a feature request to fix this - https://github.com/LibreTime/libretime/issues/515
The main challenge is that LibreTime is being developed by a lot of developers that have other projects and we just do what we can to fix things in our free time.
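The mixed-content problem discussed in this thread, handled at the proxy, as an added example that is not part of any post above and not LibreTime's own configuration: port 80 only redirects, TLS terminates on 443, and the browser is told to upgrade the http:// embed URLs. The host name, backend IP and certificate paths are reused from the vhosts posted above; that LibreTime reads X-Forwarded-Proto is an assumption.

```apache
# Added example. Needs mod_ssl, mod_proxy, mod_proxy_http, mod_headers, mod_rewrite.

<VirtualHost ourip:80>
    ServerName airX.ourdomain.org
    # Port 80 never proxies: every request is redirected to HTTPS,
    # so credentials are not sent to the proxy in cleartext.
    RewriteEngine on
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost ourip:443>
    ServerName airX.ourdomain.org
    ErrorLog ${APACHE_LOG_DIR}/airX-error.log
    CustomLog ${APACHE_LOG_DIR}/airX-access.log combined

    SSLEngine on
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/airX.ourdomain.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/airX.ourdomain.org/privkey.pem

    # Reverse proxy only; never act as a forward proxy.
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / http://10.0.3.188/
    ProxyPassReverse / http://10.0.3.188/
    # With ProxyPreserveHost On the backend may redirect to
    # http://airX.ourdomain.org/...; rewrite those Location headers too.
    ProxyPassReverse / http://airX.ourdomain.org/

    # The backend is plain HTTP, so no SSLProxy* directives are needed.
    # If it is ever moved to https://, turn on SSLProxyEngine and keep
    # certificate verification enabled instead of "SSLProxyVerify none".

    # Pass the original scheme to the backend.
    # Assumption: the page does not confirm that LibreTime uses this header.
    RequestHeader set X-Forwarded-Proto "https"

    # Browser-side mitigation for the blocked /embed/... URLs: http://
    # subresources (including iframes) are requested over https:// instead.
    Header always set Content-Security-Policy "upgrade-insecure-requests"
</VirtualHost>
```

Run apachectl configtest before reloading; the http:// embed URLs are still emitted by the backend, the policy only changes how the browser fetches them.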