How to have Newznab behind a Apache reverse proxy
I spent a considerable amount of time trying to figure out how to get Newznab behind a Apache reverse proxy. Unlike SABnzbd, Sickbeard, CouchPotato or Headphones there was no web_root, url_base or http_root for Newznab to use with a reverse proxy. Just with my luck too, there is very little documentation available online on this subject.
So after reading a ton of Apache whitepapers, I found the alias command and alas had a solution that works time and time again. I tested everything on Ubuntu Servers running version 12.10(Quantal).
There is really only three pieces to this,
- A frontend Apache reverse proxy.
- A backend Apache server running Newznab.
- Your .htaccess in the wwwroot of the Newznab server.
Prerequisites
If you already have your Apache installed/setup and your SSL certicates in place, you can skip this step.
Apache Installation:
1 2 3 4 5 |
sudo apt-get install apache2 sudo a2enmod proxy sudo a2enmod proxy_http sudo a2enmod rewrite sudo a2enmod ssl |
Self signed SSL certificates creation:
1 |
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache.key -out /etc/ssl/certs/apache.crt |
Basic Configuration
Frontend Apache reverse proxy and it's VirtualHost config in /etc/apache2/sites-available/newznab.publicdomain.com:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
<VirtualHost *:443> ServerAdmin admin@publicdomain.com ServerName newznab.publicdomain.com SSLEngine On SSLCertificateFile /etc/ssl/certs/apache.crt SSLCertificateKeyFile /etc/ssl/private/apache.key ProxyRequests Off ProxyPreserveHost On ProxyPass /newznab http://servername.internaldomain.local/newznab ProxyPassReverse /newznab http://servername.internaldomain.local/newznab ErrorLog /var/log/apache2/error.log LogLevel warn </VirtualHost> |
Backend Apache actually running Newznab and it's VirtualHost config in /etc/apache2/sites-available/newznab:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
<VirtualHost *:80> ServerAdmin admin@domain.com ServerName localhost ErrorLog /var/log/apache2/error.log LogLevel warn DocumentRoot /var/www/newznab/www/ Alias /newznab /var/www/newznab/www <Directory /var/www/newznab/www/> Options FollowSymLinks AllowOverride All </Directory> </VirtualHost> |
.htaccess in the wwwroot of your actual Newznab server /var/www/newznab/www/.htaccess:
1 2 3 4 5 6 7 8 9 10 11 12 13 |
RewriteEngine on RewriteBase /newznab # Do not process images or CSS files further RewriteRule \.(css|jpe?g|gif|png|js|ico|mp3|ogg)$ - [L] # Leave /admin and /install static RewriteRule ^(admin|install|newzdash).*$ - [L] # Rewrite web pages to one master page RewriteRule ^([^/\.]+)/?$ index.php?page=$1 [QSA,L] RewriteRule ^([^/\.]+)/([^/]+)/?$ index.php?page=$1&id=$2 [QSA,L] RewriteRule ^([^/\.]+)/([^/]+)/([^/]+)/? index.php?page=$1&id=$2&subpage=$3 [QSA,L] |
Advance Configuration
Now I personally like stepping it up a bit with my configurations, so if you feel the urge you're more than welcome to join me. In these configurations, I always use HTTPS/SSL (even to my backend servers). I also use publicly signed SSL certificate for my frontend reverse proxy and self signed SSL certificates for all my backend servers. Lastly, I always want to use HTTPS... so I use a rewrite rule to step up to HTTPS from HTTP.
Frontend Apache reverse proxy and it's VirtualHost config in /etc/apache2/sites-available/proxy.publicdomain.com:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 |
<VirtualHost *:80> RewriteEngine on ReWriteCond %{SERVER_PORT} !^443$ RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L] </VirtualHost> <VirtualHost *:443> ServerAdmin admin@domain.com ServerName proxy.publicdomain.com ProxyRequests Off ProxyPreserveHost On <Proxy *> Order deny,allow Allow from all </Proxy> <Location /> Order allow,deny Allow from all </Location> SSLEngine On SSLProxyEngine On SSLCertificateFile /etc/ssl/certs/apache.crt SSLCertificateKeyFile /etc/ssl/private/apache.key ProxyPass /newznab https://servername.internaldomain.local/newznab ProxyPassReverse /newznab https://servername.internaldomain.local/newznab ProxyPass /sabnzbd https://servername.internaldomain.local/sabnzbd ProxyPassReverse /sabnzbd https://servername.internaldomain.local/sabnzbd ProxyPass /sickbeard https://servername.internaldomain.local/sickbeard ProxyPassReverse /sickbeard https://servername.internaldomain.local/sickbeard ProxyPass /couchpotato https://servername.internaldomain.local/couchpotato ProxyPassReverse /couchpotato https://servername.internaldomain.local/couchpotato ProxyPass /headphones https://servername.internaldomain.local/headphones ProxyPassReverse /headphones https://servername.internaldomain.local/headphones ErrorLog /var/log/apache2/error.log LogLevel warn </VirtualHost> |
Backend Apache actually running Newznab and it's VirtualHost config in /etc/apache2/sites-available/newznab:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 |
<VirtualHost *:80> RewriteEngine on ReWriteCond %{SERVER_PORT} !^443$ RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L] </VirtualHost> <VirtualHost *:443> ServerAdmin admin@domain.com ServerName localhost ProxyRequests Off ProxyPreserveHost On <Proxy *> Order deny,allow Allow from all </Proxy> <Location /> Order allow,deny Allow from all </Location> SSLEngine On SSLProxyEngine On SSLCertificateFile /etc/ssl/certs/apache.crt SSLCertificateKeyFile /etc/ssl/private/apache.key ErrorLog /var/log/apache2/error.log LogLevel warn DocumentRoot /var/www/newznab/www/ Alias /nzbs /var/www/newznab/www <Directory /var/www/newznab/www/> Options FollowSymLinks AllowOverride All </Directory> </VirtualHost> |
.htaccess in the wwwroot of your actual Newznab server /var/www/newznab/www/.htaccess:
1 2 3 4 5 6 7 8 9 10 11 12 13 |
RewriteEngine on RewriteBase /newznab # Do not process images or CSS files further RewriteRule \.(css|jpe?g|gif|png|js|ico|mp3|ogg)$ - [L] # Leave /admin and /install static RewriteRule ^(admin|install|newzdash).*$ - [L] # Rewrite web pages to one master page RewriteRule ^([^/\.]+)/?$ index.php?page=$1 [QSA,L] RewriteRule ^([^/\.]+)/([^/]+)/?$ index.php?page=$1&id=$2 [QSA,L] RewriteRule ^([^/\.]+)/([^/]+)/([^/]+)/? index.php?page=$1&id=$2&subpage=$3 [QSA,L] |
Optional Configuration
For those of you looking or interested in my VirtualHost configuration for my SABnzbd, Sickbeard, CouchPotato and Headphones server. Here is what I used to add them behind my reverse proxy.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 |
<VirtualHost *:80> RewriteEngine on ReWriteCond %{SERVER_PORT} !^443$ RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L] </VirtualHost> <VirtualHost *:443> ServerAdmin admin@domain.com ServerName localhost ProxyRequests Off ProxyPreserveHost On <Proxy *> Order deny,allow Allow from all </Proxy> <Location /> Order allow,deny Allow from all </Location> SSLEngine On SSLProxyEngine On SSLCertificateFile /etc/ssl/certs/apache.crt SSLCertificateKeyFile /etc/ssl/private/apache.key ProxyPass /sabnzbd https://localhost:9090/sabnzbd ProxyPassReverse /sabnzbd https://localhost:9090/sabnzbd ProxyPass /sickbeard https://localhost:8081/sickbeard ProxyPassReverse /sickbeard https://localhost:8081/sickbeard ProxyPass /couchpotato http://localhost:5050/couchpotato ProxyPassReverse /couchpotato http://localhost:5050/couchpotato ProxyPass /headphones http://localhost:8181/headphones ProxyPassReverse /headphones http://localhost:8181/headphones ErrorLog /var/log/apache2/error.log LogLevel warn </VirtualHost> |
For SickBeard, CouchPotato and Headphones you'll need to make three small changes while the services are STOPPED.
SickBeard
1 2 3 |
nano /opt/sickbeard/config.ini from web_root = to web_root = /sickbeard |
CouchPotato
1 2 3 |
nano /opt/couchpotato/config.ini from url_base = to url_base = /couchpotato |
Headphones
1 2 3 |
nano /opt/headphones/config.ini from http_root = to http_root = /headphones |
Conclusion
If you're like me and go with the more advance configuration and the optional setup. You can now browse any of the following URLs.
- proxy.publicdomain.com/newznab
- proxy.publicdomain.com/sabnzbd
- proxy.publicdomain.com/sickbeard
- proxy.publicdomain.com/couchpotato
- proxy.publicdomain.com/headphones
Plus you don't have to remember to type the HTTPS because of your new Apache rewrite rules that will automatically add HTTPS for you or your users!