Skip to content

Configuring a reverse proxy

Jump to bottom Edit New page
Sam Stenvall edited this page Jul 11, 2019 · 3 revisions

When configuring a backend, you'll notice the "Proxy Location" setting. Without it, all requests to the XBMC API (including the URLs to your movies and TV shows) are in the form of http://user:pass@hostname:port/vfs/pathtomovie.mkv. This means that in order to use the application over the Internet you'd have to forward the right port (usually 8080) to the machine running XBMC in addition to forwarding port 80 to the machine running XBMC Video Server. It also means you'd be exposing the XBMC API credentials to anyone using your application.

To avoid this we can tell Apache (the actual web server) to forward requests on a particular location (/xbmc-vfs in these examples) to http://user:pass@hostname:port/vfs. This way your API credentials won't leak through the media URLs.

Benefits

There are various issues that can be solved by using a reverse proxy:

  • XBMC credentials are not exposed through the media URLs
  • External use will work even if the backend is configured with an internal IP address
  • Clicking the "Download" links in Internet Explorer won't require you to enter the API credentials
  • Clicking the "Download" link in Firefox will correctly open the "Save file as" dialog like it should

Example

Let's say you have installed XBMC Video Server on one machine (http://xbmc-video-server.example.com/xbmc-video-server/) and XBMC is running on a different machine (http://xbmc.example.com:8080/). What we want to do is forward requests on http://xbmc-video-server.example.com/xbmc-vfs to http://xbmc.example.com:8080/vfs.

Configuring a reverse proxy (Linux)

  1. Open the file /etc/apache2/sites-available/default (/etc/apache2/sites-available/000-default.conf on newer Ubuntu versions) and add the following inside the <VirtualHost *:80> block:
	AllowEncodedSlashes On
	
	<Location /xbmc-vfs>
		ProxyPass http://xbmc.example.com:8080/vfs nocanon
		RequestHeader set Authorization "Basic eGJtYzp4Ym1j"
	</Location>

Replace /xbmc-vfs by anything you like, preferably something non-guessable (see Security implications). Then, replace xbmc.example.com:8080 with the IP address/hostname and port of the machine that runs XBMC. Finally, replace eGJtYzp4Ym1j with your username:password encoded as Base64 (e.g. xbmc:mysecret -> eGJtYzpteXNlY3JldA==).

  1. Save the file and run sudo a2enmod headers proxy_http && sudo service apache2 restart
  2. In XBMC Video Server, go to Settings -> Backends -> Update and put /xbmc-vfs in the "Proxy location" field.

Configuring a reverse proxy (Windows)

  1. Open C:\xampp\apache\conf\httpd.conf and remove the leading hashtag from the line #LoadModule proxy_http_module. Save the file.
  2. Open C:\xampp\apache\conf\extra\httpd-proxy.conf. Remove everything between the two <IfModule> sections, then add the following instead:
AllowEncodedSlashes On

<Location "/xbmc-vfs">
    ProxyPass http://gorbachov.negge.fi:8080/vfs nocanon
    RequestHeader set Authorization "Basic eGJtYzp4Ym1jMQ=="
</Location>

See the Linux instructions on what the values mean and what you should replace them with.

  1. Finally, open the XAMPP Control Panel and restart Apache.
  2. In XBMC Video Server, go to Settings -> Backends -> Update and put /xbmc-vfs in the "Proxy location" field.
Add a custom footer
Add a custom sidebar
Clone this wiki locally