MythWeb - protocol relative URL in the HTML - easier to use SSL with a reverse proxy like nginx

What would you like to see in MythTV and why? Find others who might want to help implement your ideas!
Forum rules
Please be reasonable and positive with your feature requests, remember that all contributions to MythTV are by volunteers in their spare time. MythTV won't support piracy in any form, including torrents and use of soft cams, so to avoid embarrassment please do not ask.

* One suggestion per thread please. Do not post new suggestions in replies. *
Post Reply
enzymes
Newcomer
Posts: 1
Joined: Thu Jan 21, 2021 9:40 am
Australia

MythWeb - protocol relative URL in the HTML - easier to use SSL with a reverse proxy like nginx

Post by enzymes » Thu Jan 21, 2021 11:53 am

Hi,

A few code changes in MythWeb will change the URLs to protocol relative URLs. This makes it much easier to put MythWeb behind a reverse proxy (like nginx) and add the security of SSL certificates.

All the links in MythWeb are hardwired as http (ie., insecure) as they include the full URL and protocol in all links / src references.

They should have the http:removed, so they look like this in the HTML:

Code: Select all

//my-public-domain/mythweb/tv/list
The benefit is that the pages will function is the webserver has SLL enabled or not AND if a reverse proxy has SSL enabled or not.

How I changed some code to fix this

In the folder /usr/share/mythtv/mythweb/includes I made the following changes

defines.php

Code: Select all

    //    $root_url = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https://' : 'http://';
    $root_url = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? '//' : '//';
skin.php

Code: Select all

    //    define('skin_url',      'skins/'.skin.'/' );
    //    define('skin_img_url',  skin_url.'img/' );
    define('skin_url',      root_url.'skins/'.skin.'/' );
    define('skin_img_url',  skin_url.'img/' );
In my testing today, it seems to work perfectly. I can use nginx to point to the MythWeb server, using this configuration:

Code: Select all

	# Redirect http to https for this domain
    server {
                listen      80;
                server_name my-public-domain;
                rewrite     ^   https://$server_name$request_uri? permanent;
                }

    server {
        listen 443 ssl;
        server_name my-public-domain;
                ssl_certificate /etc/letsencrypt/live/my-public-domain/fullchain.pem;
                ssl_certificate_key /etc/letsencrypt/live/my-public-domain/privkey.pem;
        location / {
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
            proxy_set_header   Host             $host;
            proxy_pass http://INTERNAL-HOST-OF-MYTHWEB;
                }
        # Ask robots to ignore this domain
        location /robots.txt {
                add_header Content-Type text/plain;
                return 200 "User-agent: *\nDisallow: /\n";
                }

        }
This would be super helpful :D

User avatar
stuarta
Developer
Posts: 217
Joined: Wed Feb 05, 2014 5:13 pm
Great Britain

Re: MythWeb - protocol relative URL in the HTML - easier to use SSL with a reverse proxy like nginx

Post by stuarta » Fri Jan 29, 2021 2:26 pm

You should not need to do that, mythweb will generate the correct URL's.

I have nginx terminating with SSL, and forwarding to php-fpm to generate the web pages. What/where does nginx forward the mythweb traffic to?

natuk
Newcomer
Posts: 1
Joined: Tue Apr 20, 2021 8:23 pm
Wales

Re: MythWeb - protocol relative URL in the HTML - easier to use SSL with a reverse proxy like nginx

Post by natuk » Thu Apr 22, 2021 8:16 pm

The same has happened in my case as well when trying to reverse proxy on Apache. MythWeb serves mixed content. The main page is under https but many assets are loaded under http. Requesting these assets directly under https works fine, so somewhere MythWeb is missing the https.

Setting $root_url to 'https://' in /includes/defines.php solves the problem so I am thinking that the conditions checked over here:

Code: Select all

$root_url = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https://' : 'http://';
are not complete (?)

Post Reply