User Tools

Site Tools


Sidebar

en:documentation:proxy

Apache reverse proxy

The Apache reverse proxy can be used to secure the connection when you access resources over the Internet. This concern the CCDciel Status page and the ASCOM Remote devices.

You need a Apache web server running on a device accessible from the Internet, use the NAT configuration of your Internet router to forward the port 443 to this device.

Setup a default SSL Apache configuration, setup Let's Encrypt to get a certificate,

CCDciel status page

Install the module proxy_http in your Apache web server and add the following to a SSL virtual host configuration:

      <Proxy *>
              Require all granted
      </Proxy>
      <Location /ccdciel/>
           AuthName "protected area"
           AuthType Basic
           AuthUserfile /.../.htpasswd
           Require user myuser
           ProxyPass http://192.168.1.10:3277/
           ProxyPassReverse http://192.168.1.10:3277/
      </Location>

Where “/…/.htpasswd” is the password file, “myuser” a user name in this file, “192.168.1.10” the IP address of the observatory computer running CCDciel.
Use the htpasswd command to generate the password file.
You can now access this page with the URL: https://myhome.server.dynamic.ip/ccdciel/ , give the password for myuser … et voila.

ASCOM Remote Server

Use a configuration similar to above:

      <Location /api/>
           AuthName "protected area"
           AuthType Basic
           AuthUserfile /.../.htpasswd
           Require user myuser
           ProxyPass http://192.168.1.104:11111/api/
           ProxyPassReverse http://192.168.1.104:11111/api/
      </Location>

The password file and user is the same as above, “192.168.1.104” is the IP address of the computer running the ASCOM Remote Server on port 11111.
To use this connection, setup the ASCOM remote protocol to https, the host to the IP of the web server, the port to 443 and the user/password defined in the .htpasswd file.

The ASCOM remote password is stored in the CCDciel configuration in the .credential file. It is not stored in clear text but it is better if you protect this file in some way, for example: chmod 600. And most important do not reuse the same password elsewhere.

en/documentation/proxy.txt · Last modified: 2019/02/24 14:09 by pch