I spent a considerable amount of time trying to figure out how to get Newznab behind a Apache reverse proxy. Unlike SABnzbd, Sickbeard, CouchPotato or Headphones there was no web_root, url_base or http_root for Newznab to use with a reverse proxy. Just with my luck too, there is very little documentation available online on this subject.
 
So after reading a ton of Apache whitepapers, I found the alias command and alas had a solution that works time and time again. I tested everything on Ubuntu Servers running version 12.10(Quantal).
 
There is really only three pieces to this,

  • A frontend Apache reverse proxy.
  • A backend Apache server running Newznab.
  • Your .htaccess in the wwwroot of the Newznab server.

Prerequisites

[divider style=”thin”]
 
If you already have your Apache installed/setup and your SSL certicates in place, you can skip this step.
 
Apache Installation:
[crayon attributes]
sudo apt-get install apache2
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod rewrite
sudo a2enmod ssl
[/crayon]
 
Self signed SSL certificates creation:
[crayon attributes]
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache.key -out /etc/ssl/certs/apache.crt
[/crayon]

Basic Configuration

[divider style=”thin”]
 
Frontend Apache reverse proxy and it’s VirtualHost config in /etc/apache2/sites-available/newznab.publicdomain.com:
[crayon attributes]

ServerAdmin admin@publicdomain.com
ServerName newznab.publicdomain.com

SSLEngine On
SSLCertificateFile /etc/ssl/certs/apache.crt
SSLCertificateKeyFile /etc/ssl/private/apache.key

ProxyRequests Off
ProxyPreserveHost On

ProxyPass /newznab http://servername.internaldomain.local/newznab
ProxyPassReverse /newznab http://servername.internaldomain.local/newznab

ErrorLog /var/log/apache2/error.log
LogLevel warn

[/crayon]
Backend Apache actually running Newznab and it’s VirtualHost config in /etc/apache2/sites-available/newznab:
[crayon attributes]

ServerAdmin admin@domain.com
ServerName localhost

ErrorLog /var/log/apache2/error.log
LogLevel warn

DocumentRoot /var/www/newznab/www/

Alias /newznab /var/www/newznab/www

Options FollowSymLinks
AllowOverride All


[/crayon]
.htaccess in the wwwroot of your actual Newznab server /var/www/newznab/www/.htaccess:
[crayon attributes]
RewriteEngine on
RewriteBase /newznab

# Do not process images or CSS files further
RewriteRule \.(css|jpe?g|gif|png|js|ico|mp3|ogg)$ – [L]

# Leave /admin and /install static
RewriteRule ^(admin|install|newzdash).*$ – [L]

# Rewrite web pages to one master page
RewriteRule ^([^/\.]+)/?$ index.php?page=$1 [QSA,L]
RewriteRule ^([^/\.]+)/([^/]+)/?$ index.php?page=$1&id=$2 [QSA,L]
RewriteRule ^([^/\.]+)/([^/]+)/([^/]+)/? index.php?page=$1&id=$2&subpage=$3 [QSA,L]
[/crayon]

Advance Configuration

[divider style=”thin”]
 
Now I personally like stepping it up a bit with my configurations, so if you feel the urge you’re more than welcome to join me. In these configurations, I always use HTTPS/SSL (even to my backend servers). I also use publicly signed SSL certificate for my frontend reverse proxy and self signed SSL certificates for all my backend servers. Lastly, I always want to use HTTPS… so I use a rewrite rule to step up to HTTPS from HTTP.
 
Frontend Apache reverse proxy and it’s VirtualHost config in /etc/apache2/sites-available/proxy.publicdomain.com:
[crayon attributes]

RewriteEngine on
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]


ServerAdmin admin@domain.com
ServerName proxy.publicdomain.com

ProxyRequests Off
ProxyPreserveHost On


Order deny,allow
Allow from all


Order allow,deny
Allow from all

SSLEngine On
SSLProxyEngine On
SSLCertificateFile /etc/ssl/certs/apache.crt
SSLCertificateKeyFile /etc/ssl/private/apache.key

ProxyPass /newznab https://servername.internaldomain.local/newznab
ProxyPassReverse /newznab https://servername.internaldomain.local/newznab

ProxyPass /sabnzbd https://servername.internaldomain.local/sabnzbd
ProxyPassReverse /sabnzbd https://servername.internaldomain.local/sabnzbd

ProxyPass /sickbeard https://servername.internaldomain.local/sickbeard
ProxyPassReverse /sickbeard https://servername.internaldomain.local/sickbeard

ProxyPass /couchpotato https://servername.internaldomain.local/couchpotato
ProxyPassReverse /couchpotato https://servername.internaldomain.local/couchpotato

ProxyPass /headphones https://servername.internaldomain.local/headphones
ProxyPassReverse /headphones https://servername.internaldomain.local/headphones

ErrorLog /var/log/apache2/error.log
LogLevel warn

[/crayon]
Backend Apache actually running Newznab and it’s VirtualHost config in /etc/apache2/sites-available/newznab:
[crayon attributes]

RewriteEngine on
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]


ServerAdmin admin@domain.com
ServerName localhost

ProxyRequests Off
ProxyPreserveHost On


Order deny,allow
Allow from all


Order allow,deny
Allow from all

SSLEngine On
SSLProxyEngine On
SSLCertificateFile /etc/ssl/certs/apache.crt
SSLCertificateKeyFile /etc/ssl/private/apache.key

ErrorLog /var/log/apache2/error.log
LogLevel warn

DocumentRoot /var/www/newznab/www/

Alias /nzbs /var/www/newznab/www

Options FollowSymLinks
AllowOverride All


[/crayon]
.htaccess in the wwwroot of your actual Newznab server /var/www/newznab/www/.htaccess:
[crayon attributes]
RewriteEngine on
RewriteBase /newznab

# Do not process images or CSS files further
RewriteRule \.(css|jpe?g|gif|png|js|ico|mp3|ogg)$ – [L]

# Leave /admin and /install static
RewriteRule ^(admin|install|newzdash).*$ – [L]

# Rewrite web pages to one master page
RewriteRule ^([^/\.]+)/?$ index.php?page=$1 [QSA,L]
RewriteRule ^([^/\.]+)/([^/]+)/?$ index.php?page=$1&id=$2 [QSA,L]
RewriteRule ^([^/\.]+)/([^/]+)/([^/]+)/? index.php?page=$1&id=$2&subpage=$3 [QSA,L]
[/crayon]

Optional Configuration

[divider style=”thin”]
 
For those of you looking or interested in my VirtualHost configuration for my SABnzbd, Sickbeard, CouchPotato and Headphones server. Here is what I used to add them behind my reverse proxy.
[crayon attributes]

RewriteEngine on
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]


ServerAdmin admin@domain.com
ServerName localhost

ProxyRequests Off
ProxyPreserveHost On


Order deny,allow
Allow from all


Order allow,deny
Allow from all

SSLEngine On
SSLProxyEngine On
SSLCertificateFile /etc/ssl/certs/apache.crt
SSLCertificateKeyFile /etc/ssl/private/apache.key

ProxyPass /sabnzbd https://localhost:9090/sabnzbd
ProxyPassReverse /sabnzbd https://localhost:9090/sabnzbd

ProxyPass /sickbeard https://localhost:8081/sickbeard
ProxyPassReverse /sickbeard https://localhost:8081/sickbeard

ProxyPass /couchpotato http://localhost:5050/couchpotato
ProxyPassReverse /couchpotato http://localhost:5050/couchpotato

ProxyPass /headphones http://localhost:8181/headphones
ProxyPassReverse /headphones http://localhost:8181/headphones

ErrorLog /var/log/apache2/error.log
LogLevel warn

[/crayon]
For SickBeard, CouchPotato and Headphones you’ll need to make three small changes while the services are STOPPED.
 
SickBeard
[crayon attributes]
nano /opt/sickbeard/config.ini
from web_root =
to web_root = /sickbeard
[/crayon]
 
CouchPotato
[crayon attributes]
nano /opt/couchpotato/config.ini
from url_base =
to url_base = /couchpotato
[/crayon]
 
Headphones
[crayon attributes]
nano /opt/headphones/config.ini
from http_root =
to http_root = /headphones
[/crayon]

Conclusion

[divider style=”thin”]
If you’re like me and go with the more advance configuration and the optional setup. You can now browse any of the following URLs.

  • proxy.publicdomain.com/newznab
  • proxy.publicdomain.com/sabnzbd
  • proxy.publicdomain.com/sickbeard
  • proxy.publicdomain.com/couchpotato
  • proxy.publicdomain.com/headphones

Plus you don’t have to remember to type the HTTPS because of your new Apache rewrite rules that will automatically add HTTPS for you or your users!