[미완결]아파치 프록시 패스를 통한 TVH#1 보안 및 죽는 문제 해결하기

안녕하세요. 이번에는 TVH#1 WebUI 가 죽는 문제와 보안이 되어 있지 않는 문제를 해결해 보겠습니다.

사전 참고 게시글은 아래와 같습니다.

http://blog.djjproject.com/123

아파치 서버 설치

일단 아파치 서버를 설치합니다.

root@AOL-Debian:~# apt-get install apache2

Reading package lists... Done

Building dependency tree

Reading state information... Done

apache2 is already the newest version.

0 upgraded, 0 newly installed, 0 to remove and 4 not upgraded.

root@AOL-Debian:~#

아파치 서버 모듈 설치 및 활성화

root@AOL-Debian:~# apt-get install libapache2-mod-proxy-html libxml2-dev

Reading package lists... Done

Building dependency tree

Reading state information... Done

Suggested packages:

  pkg-config

The following NEW packages will be installed:

  libapache2-mod-proxy-html libxml2-dev

0 upgraded, 2 newly installed, 0 to remove and 4 not upgraded.

Need to get 631 kB of archives.

After this operation, 1,875 kB of additional disk space will be used.

Get:1 http://httpredir.debian.org/debian/ jessie/main libapache2-mod-proxy-html armhf 1:2.4.10-10+deb8u9 [1,138 B]

Get:2 http://httpredir.debian.org/debian/ jessie/main libxml2-dev armhf 2.9.1+dfsg1-5+deb8u4 [630 kB]

Fetched 631 kB in 2s (290 kB/s)

Selecting previously unselected package libapache2-mod-proxy-html.

(Reading database ... 24897 files and directories currently installed.)

Preparing to unpack .../libapache2-mod-proxy-html_1%3a2.4.10-10+deb8u9_armhf.deb ...

Unpacking libapache2-mod-proxy-html (1:2.4.10-10+deb8u9) ...

Selecting previously unselected package libxml2-dev:armhf.

Preparing to unpack .../libxml2-dev_2.9.1+dfsg1-5+deb8u4_armhf.deb ...

Unpacking libxml2-dev:armhf (2.9.1+dfsg1-5+deb8u4) ...

Processing triggers for man-db (2.7.0.2-5) ...

Setting up libapache2-mod-proxy-html (1:2.4.10-10+deb8u9) ...

Setting up libxml2-dev:armhf (2.9.1+dfsg1-5+deb8u4) ...

root@AOL-Debian:~#

root@AOL-Debian:~# a2enmod proxy proxy_ajp proxy_http rewrite deflate headers proxy_balancer proxy_connect proxy_html

Enabling module proxy.

Considering dependency proxy for proxy_ajp:

Module proxy already enabled

Enabling module proxy_ajp.

Considering dependency proxy for proxy_http:

Module proxy already enabled

Enabling module proxy_http.

Enabling module rewrite.

Considering dependency filter for deflate:

Module filter already enabled

Module deflate already enabled

Enabling module headers.

Considering dependency proxy for proxy_balancer:

Module proxy already enabled

Considering dependency alias for proxy_balancer:

Module alias already enabled

Considering dependency slotmem_shm for proxy_balancer:

Enabling module slotmem_shm.

Enabling module proxy_balancer.

Considering dependency proxy for proxy_connect:

Module proxy already enabled

Enabling module proxy_connect.

Considering dependency proxy for proxy_html:

Module proxy already enabled

Enabling module proxy_html.

To activate the new configuration, you need to run:

  service apache2 restart

root@AOL-Debian:~#

서버 재시작

root@AOL-Debian:~# service apache2 restart

[....] Restarting web server: apache2[Fri Dec 08 03:41:02.352714 2017] [proxy_html:notice] [pid 21060:tid 3059593216] AH01425: I18n support in mod_proxy_html requires mod_xml2enc. Without it, non-ASCII characters in proxied pages are likely to display incorrectly.

AH00557: apache2: apr_sockaddr_info_get() failed for AOL-Debian

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message

. ok

root@AOL-Debian:~#

무언가 호스트 네임 관련하여 에러가 있는것 같습니다. 차후에 수정하겠습니다. 그런데 사용에는 큰 문제가 없습니다.

AH00557: apache2: apr_sockaddr_info_get() failed for AOL-Debian

가상 호스트 파일 작성하기

root@AOL-Debian:~# nano /etc/apache2/sites-available/tvh1.conf

<Virtualhost *:7100>

ProxyRequests Off

ProxyPreserveHost On

<Location />

Order allow,deny

Allow from all

ProxyPass http://127.0.0.1:19981/

ProxyPassReverse http://127.0.0.1:19981/

</Location>

</Virtualhost>

포트 설정 추가하기

root@AOL-Debian:~# nano /etc/apache2/ports.conf

# If you just change the port or add more ports here, you will likely also

# have to change the VirtualHost statement in

# /etc/apache2/sites-enabled/000-default.conf

Listen 80

Listen 8000

Listen 7000

Listen 7100

<IfModule ssl_module>

        Listen 443

</IfModule>

<IfModule mod_gnutls.c>

        Listen 443

</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

사이트 활성화 및 서버 리로드

root@AOL-Debian:~# a2ensite tvh1.conf

Enabling site tvh1.

To activate the new configuration, you need to run:

  service apache2 reload

root@AOL-Debian:~# service apache2 reload

[ ok ] Reloading web server: apache2.

결과적으로 프록시 패스가 되지 않네요.

참고 URL

https://tvheadend.org/boards/5/topics/20739

https://tvheadend.org/boards/5/topics/21885

https://tvheadend.org/issues/1427

그런데 저는 잘 쓰고 있습니다. 4.2 버전인데요. 아래와 같이 설정한 상태입니다.

<Virtualhost *:80>

ServerName transcode.tvheadend.mydomain.com

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

</VirtualHost>

<VirtualHost *:443>

ServerName transcode.tvheadend.mydomain.com

ServerAlias ""

SSLEngine On

SSLCertificateFile /etc/apache2/ssl/apache.crt

SSLCertificateKeyFile /etc/apache2/ssl/apache.key

SSLProtocol +TLSv1.2

   

ProxyPreserveHost On

SSLProxyEngine On

ProxyRequests Off

RequestHeader set Front-End-Https "On"

   

<Location /> 

Order allow,deny

Allow from all

ProxyPass http://192.168.0.2:9981/

ProxyPassReverse http://192.168.0.2:9981/

</Location>

</Virtualhost>

음.. TVH#1 쪽 소스 수정이 필요할 듯 싶습니다.

일단 미완결로 남겨둡니다.

감사합니다.