I spent a considerable amount of time trying to figure out how to get Newznab behind a Apache reverse proxy. Unlike SABnzbd, Sickbeard, CouchPotato or Headphones there was no web_root, url_base or http_root for Newznab to use with a reverse proxy. Just with my luck too, there is very little documentation available online on this subject.
So after reading a ton of Apache whitepapers, I found the alias command and alas had a solution that works time and time again. I tested everything on Ubuntu Servers running version 12.10(Quantal).
There is really only three pieces to this,
- A frontend Apache reverse proxy.
- A backend Apache server running Newznab.
- Your .htaccess in the wwwroot of the Newznab server.
Prerequisites
[divider style=”thin”]
If you already have your Apache installed/setup and your SSL certicates in place, you can skip this step.
Apache Installation:
[crayon attributes]
sudo apt-get install apache2
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod rewrite
sudo a2enmod ssl
[/crayon]
Self signed SSL certificates creation:
[crayon attributes]
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache.key -out /etc/ssl/certs/apache.crt
[/crayon]
Basic Configuration
[divider style=”thin”]
Frontend Apache reverse proxy and it’s VirtualHost config in /etc/apache2/sites-available/newznab.publicdomain.com:
[crayon attributes]
ServerAdmin admin@publicdomain.com
ServerName newznab.publicdomain.com
SSLEngine On
SSLCertificateFile /etc/ssl/certs/apache.crt
SSLCertificateKeyFile /etc/ssl/private/apache.key
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /newznab http://servername.internaldomain.local/newznab
ProxyPassReverse /newznab http://servername.internaldomain.local/newznab
ErrorLog /var/log/apache2/error.log
LogLevel warn
[/crayon]
Backend Apache actually running Newznab and it’s VirtualHost config in /etc/apache2/sites-available/newznab:
[crayon attributes]
ServerAdmin admin@domain.com
ServerName localhost
ErrorLog /var/log/apache2/error.log
LogLevel warn
DocumentRoot /var/www/newznab/www/
Alias /newznab /var/www/newznab/www
Options FollowSymLinks
AllowOverride All
[/crayon]
.htaccess in the wwwroot of your actual Newznab server /var/www/newznab/www/.htaccess:
[crayon attributes]
RewriteEngine on
RewriteBase /newznab
# Do not process images or CSS files further
RewriteRule \.(css|jpe?g|gif|png|js|ico|mp3|ogg)$ – [L]
# Leave /admin and /install static
RewriteRule ^(admin|install|newzdash).*$ – [L]
# Rewrite web pages to one master page
RewriteRule ^([^/\.]+)/?$ index.php?page=$1 [QSA,L]
RewriteRule ^([^/\.]+)/([^/]+)/?$ index.php?page=$1&id=$2 [QSA,L]
RewriteRule ^([^/\.]+)/([^/]+)/([^/]+)/? index.php?page=$1&id=$2&subpage=$3 [QSA,L]
[/crayon]
Advance Configuration
[divider style=”thin”]
Now I personally like stepping it up a bit with my configurations, so if you feel the urge you’re more than welcome to join me. In these configurations, I always use HTTPS/SSL (even to my backend servers). I also use publicly signed SSL certificate for my frontend reverse proxy and self signed SSL certificates for all my backend servers. Lastly, I always want to use HTTPS… so I use a rewrite rule to step up to HTTPS from HTTP.
Frontend Apache reverse proxy and it’s VirtualHost config in /etc/apache2/sites-available/proxy.publicdomain.com:
[crayon attributes]
RewriteEngine on
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
ServerAdmin admin@domain.com
ServerName proxy.publicdomain.com
ProxyRequests Off
ProxyPreserveHost On
Order deny,allow
Allow from all
Order allow,deny
Allow from all
SSLEngine On
SSLProxyEngine On
SSLCertificateFile /etc/ssl/certs/apache.crt
SSLCertificateKeyFile /etc/ssl/private/apache.key
ProxyPass /newznab https://servername.internaldomain.local/newznab
ProxyPassReverse /newznab https://servername.internaldomain.local/newznab
ProxyPass /sabnzbd https://servername.internaldomain.local/sabnzbd
ProxyPassReverse /sabnzbd https://servername.internaldomain.local/sabnzbd
ProxyPass /sickbeard https://servername.internaldomain.local/sickbeard
ProxyPassReverse /sickbeard https://servername.internaldomain.local/sickbeard
ProxyPass /couchpotato https://servername.internaldomain.local/couchpotato
ProxyPassReverse /couchpotato https://servername.internaldomain.local/couchpotato
ProxyPass /headphones https://servername.internaldomain.local/headphones
ProxyPassReverse /headphones https://servername.internaldomain.local/headphones
ErrorLog /var/log/apache2/error.log
LogLevel warn
[/crayon]
Backend Apache actually running Newznab and it’s VirtualHost config in /etc/apache2/sites-available/newznab:
[crayon attributes]
RewriteEngine on
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
ServerAdmin admin@domain.com
ServerName localhost
ProxyRequests Off
ProxyPreserveHost On
Order deny,allow
Allow from all
Order allow,deny
Allow from all
SSLEngine On
SSLProxyEngine On
SSLCertificateFile /etc/ssl/certs/apache.crt
SSLCertificateKeyFile /etc/ssl/private/apache.key
ErrorLog /var/log/apache2/error.log
LogLevel warn
DocumentRoot /var/www/newznab/www/
Alias /nzbs /var/www/newznab/www
Options FollowSymLinks
AllowOverride All
[/crayon]
.htaccess in the wwwroot of your actual Newznab server /var/www/newznab/www/.htaccess:
[crayon attributes]
RewriteEngine on
RewriteBase /newznab
# Do not process images or CSS files further
RewriteRule \.(css|jpe?g|gif|png|js|ico|mp3|ogg)$ – [L]
# Leave /admin and /install static
RewriteRule ^(admin|install|newzdash).*$ – [L]
# Rewrite web pages to one master page
RewriteRule ^([^/\.]+)/?$ index.php?page=$1 [QSA,L]
RewriteRule ^([^/\.]+)/([^/]+)/?$ index.php?page=$1&id=$2 [QSA,L]
RewriteRule ^([^/\.]+)/([^/]+)/([^/]+)/? index.php?page=$1&id=$2&subpage=$3 [QSA,L]
[/crayon]
Optional Configuration
[divider style=”thin”]
For those of you looking or interested in my VirtualHost configuration for my SABnzbd, Sickbeard, CouchPotato and Headphones server. Here is what I used to add them behind my reverse proxy.
[crayon attributes]
RewriteEngine on
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
ServerAdmin admin@domain.com
ServerName localhost
ProxyRequests Off
ProxyPreserveHost On
Order deny,allow
Allow from all
Order allow,deny
Allow from all
SSLEngine On
SSLProxyEngine On
SSLCertificateFile /etc/ssl/certs/apache.crt
SSLCertificateKeyFile /etc/ssl/private/apache.key
ProxyPass /sabnzbd https://localhost:9090/sabnzbd
ProxyPassReverse /sabnzbd https://localhost:9090/sabnzbd
ProxyPass /sickbeard https://localhost:8081/sickbeard
ProxyPassReverse /sickbeard https://localhost:8081/sickbeard
ProxyPass /couchpotato http://localhost:5050/couchpotato
ProxyPassReverse /couchpotato http://localhost:5050/couchpotato
ProxyPass /headphones http://localhost:8181/headphones
ProxyPassReverse /headphones http://localhost:8181/headphones
ErrorLog /var/log/apache2/error.log
LogLevel warn
[/crayon]
For SickBeard, CouchPotato and Headphones you’ll need to make three small changes while the services are STOPPED.
SickBeard
[crayon attributes]
nano /opt/sickbeard/config.ini
from web_root =
to web_root = /sickbeard
[/crayon]
CouchPotato
[crayon attributes]
nano /opt/couchpotato/config.ini
from url_base =
to url_base = /couchpotato
[/crayon]
Headphones
[crayon attributes]
nano /opt/headphones/config.ini
from http_root =
to http_root = /headphones
[/crayon]
Conclusion
[divider style=”thin”]
If you’re like me and go with the more advance configuration and the optional setup. You can now browse any of the following URLs.
- proxy.publicdomain.com/newznab
- proxy.publicdomain.com/sabnzbd
- proxy.publicdomain.com/sickbeard
- proxy.publicdomain.com/couchpotato
- proxy.publicdomain.com/headphones
Plus you don’t have to remember to type the HTTPS because of your new Apache rewrite rules that will automatically add HTTPS for you or your users!
I’ve got a question about newznab.
I’ve got apache setup as SSL proxy, to a non SSL newznab.
some things don’t quite work on the site, any ideas?
How is your Newznab SABnzbd Integration setup? Is Newznab and SABnzbd on the same server?
For me they are on different servers, so I went to my Profile on Newznab and edited it to have the URL of my SABnzbd server to be https://hostname.domain.local/sabnzbd/ and entered my Nzb API key (doesn’t need full contol) for SABnzbd. Also I made the Storage method Site, so I can login from anywhere and use the Send to Sab feature.
That did the trick for me and now I’m able to use Send to Sab internally and externally. let me know if that helps.
Hi,
i have added exactly the same configuration, however, the login form is redirecting me to https://tld/newznab/newznab which obviously can’t be found. However, when i edit the URL in the address bar and remove the second newznab, it loads fine, and i am logged in.
Do you know a solution of how to modify the login form to redirect me to https://tld/newznab instead of /newznab/newznab?
Hey Tatonka,
Let’s break it down and do a little testing.
For your backend Apache server VirtualHost config use,
[crayon attributes]
Alias /test /var/www/newznab/www
[/crayon]
Also for your Newznab .htaccess config use,
[crayon attributes]
RewriteBase /test
[/crayon]
Once you complete the above changes reload Apache by,
[crayon attributes]
sudo service apache2 reload
[/crayon]
If you still experiance the problem but with a URL of https://domain.com/test/newznab instead, then there is most likely a problem with your Newznab site settings. So login to your Newznab server and check under Admin > Edit Site and then check the Default Home Page and make sure it’s just “/” without the quotes. My guess is maybe you have it set to “/newznab”.
Please let me know if any of this fixes your problem.