Felenasoft

Hi Team,

Trying to get the trial version working properly. everything works well but I am struggling getting the web server working behind a apache SSL reverse proxy as I have a major issue with the xeoma web interface open to internet with no encryption.

Here is the setup:

Server running xeoma with webport 10090
Server also has apache installed which does a reverse proxy of the xeoma web server to 443

So

Here is my apache config:

ProxyPass /xeoma http://localhost:10090/
ProxyPassReverse /xeoma http://localhost:10090/

This allows me to access the xeoma web interface via a public ip with https. e.g https://mydomain.com/xeoma

The only issue I have is that the images from the camera feeds do not show as the links are hard coded with http and port 10090. eg

http://mydomain:10090/xeoma/video0.mjpg?fps=1&oneframe=1&resolution=320x240&user&rnd=xxxxxxxx

Can you please help with getting xeoma working behind SSL. This is the only issue I have and only item stopping me from buying a commerical license

Many thanks,

Is there a way I can force the scripts that generate the URI for the images and mjpegs to be static?

we can see in the source of the webpage:

<div id="content">
<ul id="videosources">
<li><a href="?source=68XXXXXX37322E3XXXXXXX02E3130303A31303039302F2XXXXX612F766964656F302E6D6A70673F75736572&stream=mjpeg"><img src="http://mydoamin:.com:10090/xeoma/video0.mjpg?fps=1&oneframe=1&resolution=320x240&user" onload="onImageUpdate(this)" onerror="onImageUpdate(this)" updated="0"><div>http://mydomain.com:10090/xeoma/video0.mjpg(4)</div></a></li>



is it possible to modify the javascript to force the http://mydomain.com:10090 to be https://mydomain.com:443

Ive had a look at the XeomaWeb Folder which has the scripts but I am unable to work out what would need to be modified

Hi guys,

after working some more with the apache proxy config I enabled mod_substitute to modify the links which works but the content still does not display

AddOutputFilterByType SUBSTITUTE text/html
Substitute "s|http://mydomain:10090|https://mydomain|i"

further analysis shows im getting a 404 error for some reason. Does the server need and special headers to access the content on the xeoma web service?

Any thoughts on the matter?

Hello! Sorry for the late reply.

Thank you for this detailed description, the problem is clear now. We have added this issue to our list and we will try to find a solution as soon as possible. You can subscribe to our newsletter to stay tuned about new releases' changes & improvements, and be the first to know when the feature is added.

Hi there,

I got it working. My issue was I was adding an additional / which meant the full request URI was http://mydomain.com//xeoma/image.jpg which is why the xeoma web server was throwing 404.

It certainly would be more beneficial to improve the code so hard links are not used which makes it more proxy friendly. Thanks for your help.

For anyone else doing this here is my apache config:

----------------------------------------


# Reverse proxy for Xeoma

ProxyPass /xeoma http://localhost:10090
ProxyPassReverse /xeoma http://localhost:10090

# Modify the links inside xeoma content to make it accessible via external reverse proxy

AddOutputFilterByType SUBSTITUTE text/html
Substitute "s|http://localhost:10090|https://mydomain.com/xeoma|i"
Substitute "s|http://mydomain.com:10090|https://mydomain.com/xeoma|i"



----------------------------------------

Please note this is to reverse proxy xeoma behind a apache SSL reverse proxy.

Hi Team,

Was this ever resolved? Im about to have the exact same issue

Thanks

Admin_J Wrote:Hello! Sorry for the late reply.

Thank you for this detailed description, the problem is clear now. We have added this issue to our list and we will try to find a solution as soon as possible. You can [url=http://felenasoft.com/en/subscribe/]subscribe to our newsletter[/url] to stay tuned about new releases' changes & improvements, and be the first to know when the feature is added.

-- Update --

Still seems to be the case at 16.3.1

I also found I had to add a rewrite rule as follows to allow the archive viewer to function:

RewriteCond %{QUERY_STRING} ^(archive.*)$ [NC]
RewriteRule / http://localhost:10090/?%1 [P,L]


... the problem being the js issues requests to URLs like /?archive_frame=... which being absolute urls, don't match the proxy rules!

The bodge above works, but it's brittle as FS might change the URL in future.

To Felenasoft:
- Has there been any fix applied that I've missed?
- Do you intend to improve this?

Just noticed this:

Some of the cookie names the your web app sets are illegal:

For instance, you create cookies like:

fps:http://locahost:10090/video1.mjpeg

Now the URL section includes "/" and ":" neither of which are allowed according to the standard.

Browsers may be tolerant enough not to care, but this isn't the case for all servers you may be reverse-proxied behind.

Anything Python based will have problems, see https://docs.python.org/2/library/cookie.html

Thank you for pointing that out! We're working on the fix now.

Here's an apache 2.4 example:

Code: Select All Code

ProxyPass        /xeoma http://localhost:10090
ProxyPassReverse /xeoma http://localhost:10090
<Location "/xeoma">
        RequestHeader unset Accept-Encoding "expr=%{REQUEST_URI} =~ m#^/xeoma#"
        FilterDeclare XEOMA
        FilterProvider XEOMA SUBSTITUTE "%{CONTENT_TYPE} =~ m|^text/html|"
        FilterProvider XEOMA SUBSTITUTE "%{CONTENT_TYPE} =~ m|^text/css|"
        FilterProvider XEOMA SUBSTITUTE "%{CONTENT_TYPE} =~ m|^text/javascript|"
        FilterProvider XEOMA SUBSTITUTE "%{CONTENT_TYPE} =~ m|^application/javascript|"
        FilterChain XEOMA
        Substitute "s|http://localhost:10090|https://your.domain.com/xeoma|ni"
        Substitute "s|http://your.domain.com:10090|https://your.domain.com/xeoma|ni"
        Substitute 's|/?archive|?archive|n'
</Location>