Xeoma Web server - Behind Apache proxy

Xeoma Software

Moderators: Admin_N, Administrator, Admin_P, Admin_K

Xeoma Web server - Behind Apache proxy

Postby crusader998 » Tue Apr 29, 2014 6:37 am

Hi Team,

Trying to get the trial version working properly. everything works well but I am struggling getting the web server working behind a apache SSL reverse proxy as I have a major issue with the xeoma web interface open to internet with no encryption.

Here is the setup:

Server running xeoma with webport 10090
Server also has apache installed which does a reverse proxy of the xeoma web server to 443

So

Here is my apache config:

ProxyPass /xeoma http://localhost:10090/
ProxyPassReverse /xeoma http://localhost:10090/

This allows me to access the xeoma web interface via a public ip with https. e.g https://mydomain.com/xeoma

The only issue I have is that the images from the camera feeds do not show as the links are hard coded with http and port 10090. eg

http://mydomain:10090/xeoma/video0.mjpg?fps=1&oneframe=1&resolution=320x240&user&rnd=xxxxxxxx

Can you please help with getting xeoma working behind SSL. This is the only issue I have and only item stopping me from buying a commerical license

Many thanks,
crusader998
 
Posts: 4
Joined: Tue Apr 29, 2014 6:30 am

Re: Xeoma Web server - Behind Apache proxy

Postby crusader998 » Wed Apr 30, 2014 2:52 am

Is there a way I can force the scripts that generate the URI for the images and mjpegs to be static?

we can see in the source of the webpage:

<div id="content">
<ul id="videosources">
<li><a href="?source=68XXXXXX37322E3XXXXXXX02E3130303A31303039302F2XXXXX612F766964656F302E6D6A70673F75736572&stream=mjpeg"><img src="http://mydoamin:.com:10090/xeoma/video0.mjpg?fps=1&oneframe=1&resolution=320x240&user" onload="onImageUpdate(this)" onerror="onImageUpdate(this)" updated="0"><div>http://mydomain.com:10090/xeoma/video0.mjpg(4)</div></a></li>



is it possible to modify the javascript to force the http://mydomain.com:10090 to be https://mydomain.com:443

Ive had a look at the XeomaWeb Folder which has the scripts but I am unable to work out what would need to be modified
crusader998
 
Posts: 4
Joined: Tue Apr 29, 2014 6:30 am

Re: Xeoma Web server - Behind Apache proxy

Postby crusader998 » Wed Apr 30, 2014 12:53 pm

Hi guys,

after working some more with the apache proxy config I enabled mod_substitute to modify the links which works but the content still does not display

AddOutputFilterByType SUBSTITUTE text/html
Substitute "s|http://mydomain:10090|https://mydomain|i"

further analysis shows im getting a 404 error for some reason. Does the server need and special headers to access the content on the xeoma web service?

Any thoughts on the matter?
crusader998
 
Posts: 4
Joined: Tue Apr 29, 2014 6:30 am

Re: Xeoma Web server - Behind Apache proxy

Postby Admin_J » Wed Apr 30, 2014 6:32 pm

Hello! Sorry for the late reply.

Thank you for this detailed description, the problem is clear now. We have added this issue to our list and we will try to find a solution as soon as possible. You can subscribe to our newsletter to stay tuned about new releases' changes & improvements, and be the first to know when the feature is added.
Admin_J
 
Posts: 111
Joined: Tue Aug 13, 2013 12:19 pm

Re: Xeoma Web server - Behind Apache proxy

Postby crusader998 » Wed Apr 30, 2014 11:03 pm

Hi there,

I got it working. My issue was I was adding an additional / which meant the full request URI was http://mydomain.com//xeoma/image.jpg which is why the xeoma web server was throwing 404.

It certainly would be more beneficial to improve the code so hard links are not used which makes it more proxy friendly. Thanks for your help.

For anyone else doing this here is my apache config:

----------------------------------------


# Reverse proxy for Xeoma

ProxyPass /xeoma http://localhost:10090
ProxyPassReverse /xeoma http://localhost:10090

# Modify the links inside xeoma content to make it accessible via external reverse proxy

AddOutputFilterByType SUBSTITUTE text/html
Substitute "s|http://localhost:10090|https://mydomain.com/xeoma|i"
Substitute "s|http://mydomain.com:10090|https://mydomain.com/xeoma|i"



----------------------------------------

Please note this is to reverse proxy xeoma behind a apache SSL reverse proxy.
crusader998
 
Posts: 4
Joined: Tue Apr 29, 2014 6:30 am

Re: Xeoma Web server - Behind Apache proxy

Postby internat » Wed Oct 14, 2015 1:16 am

Hi Team,

Was this ever resolved? Im about to have the exact same issue :)

Thanks
internat
 
Posts: 1
Joined: Wed Oct 14, 2015 1:11 am

Re: Xeoma Web server - Behind Apache proxy

Postby pSimon » Mon Apr 04, 2016 10:09 am

Admin_J Wrote:Hello! Sorry for the late reply.

Thank you for this detailed description, the problem is clear now. We have added this issue to our list and we will try to find a solution as soon as possible. You can [url=http://felenasoft.com/en/subscribe/]subscribe to our newsletter[/url] to stay tuned about new releases' changes & improvements, and be the first to know when the feature is added.


-- Update --

Still seems to be the case at 16.3.1

I also found I had to add a rewrite rule as follows to allow the archive viewer to function:

RewriteCond %{QUERY_STRING} ^(archive.*)$ [NC]
RewriteRule / http://localhost:10090/?%1 [P,L]


... the problem being the js issues requests to URLs like /?archive_frame=... which being absolute urls, don't match the proxy rules!

The bodge above works, but it's brittle as FS might change the URL in future.

To Felenasoft:
- Has there been any fix applied that I've missed?
- Do you intend to improve this?
pSimon
 
Posts: 2
Joined: Mon Apr 04, 2016 9:49 am

Cookie Names

Postby pSimon » Mon Apr 04, 2016 1:35 pm

Just noticed this:

Some of the cookie names the your web app sets are illegal:

For instance, you create cookies like:

fps:http://locahost:10090/video1.mjpeg

Now the URL section includes "/" and ":" neither of which are allowed according to the standard.

Browsers may be tolerant enough not to care, but this isn't the case for all servers you may be reverse-proxied behind.

Anything Python based will have problems, see https://docs.python.org/2/library/cookie.html
pSimon
 
Posts: 2
Joined: Mon Apr 04, 2016 9:49 am

Re: Xeoma Web server - Behind Apache proxy

Postby Admin_N » Fri Apr 15, 2016 12:18 pm

Thank you for pointing that out! We're working on the fix now.
Admin_N
 
Posts: 797
Joined: Thu Mar 01, 2012 4:43 pm

Re: Xeoma Web server - Behind Apache proxy

Postby infernix » Thu Jul 20, 2017 3:07 pm

Here's an apache 2.4 example:

Code: Select All Code
ProxyPass        /xeoma http://localhost:10090
ProxyPassReverse /xeoma http://localhost:10090
<Location "/xeoma">
        RequestHeader unset Accept-Encoding "expr=%{REQUEST_URI} =~ m#^/xeoma#"
        FilterDeclare XEOMA
        FilterProvider XEOMA SUBSTITUTE "%{CONTENT_TYPE} =~ m|^text/html|"
        FilterProvider XEOMA SUBSTITUTE "%{CONTENT_TYPE} =~ m|^text/css|"
        FilterProvider XEOMA SUBSTITUTE "%{CONTENT_TYPE} =~ m|^text/javascript|"
        FilterProvider XEOMA SUBSTITUTE "%{CONTENT_TYPE} =~ m|^application/javascript|"
        FilterChain XEOMA
        Substitute "s|http://localhost:10090|https://your.domain.com/xeoma|ni"
        Substitute "s|http://your.domain.com:10090|https://your.domain.com/xeoma|ni"
        Substitute 's|/?archive|?archive|n'
</Location>
infernix
 
Posts: 4
Joined: Sat Jul 15, 2017 9:31 pm


Return to Xeoma - General discussion

Who is online

Users browsing this forum: Google [Bot] and 5 guests