Jump to content

RS 1.33 - Reverse proxy and m3u stream ip address


marianob85

Recommended Posts

Hi,

 

RecordingService 1.33 few questions:

 

1) After execute RSTweaker.bat I can not find options like: Original client address, Reverse proxy “outside” address, Reverse Proxy URL, Password handling

2) Is it possible to include server domain in m3u files generated by WebServer ( HTTP Single Stream ) ? I've always get localhost in url event if "Use Web Server URL's in M3U playlists" is enable. ( It also relates to port ) - I'm using reverse proxy to access dvb server by domain name aa.bbb.com:443 -> 192.168.1.x:1234

 

Regards,

Mariusz

Edited by marianob85
Link to comment

The first necessary tweak is Reverse Proxy IP (set it to 127.0.0.1 if the proxy runs on the same PC), to tell the RS the you are using a Reverse Proxy

The tweak “Reverse Proxy IP” (→ launch RSTweaker.bat) enables Reverse Proxy support and specifies the reverse proxy “inside” IP as seen by the Web Server. From its point of view the reverse proxy is the only client. If (and only if) the configured reverse proxy IP matches the IP of a client request the Web Server assumes that reverse proxy is involved and triggers additional measures described below. Typically a Reverse Proxy that is used for private purpose will reside on the same PC as the Recording Service, so its “inside” IP address is simply 127.0.0.1.


If the proxy sets "x-forwarded-proto", "x-forwarded-host", "x-forwarded-port" and "x-forwarded-path" that could be enough to get the correct URL in the play-list. If you retrieve it via the proxy.

If the Proxy doesn't provide the information about the external address. You can specify it via Reverse Proxy URL.

 

The tweak “Reverse Proxy URL” (→ launch RSTweaker.bat) specifies the "outside" URL of the reverse proxy as used by clients. This setting only takes effect if reverse proxy support is enabled (see above). It overrides the information provided by the “x-forwarded-xxxx” headers (except “x-forwarded-for”, of course). However, the Web server also accepts a partially specified URL. If parts are missing (protocol, host, port or path, not all may be relevant) the web server reads them from headers added by the reverse proxy, if available, or uses defaults like HTTP for the protocol.

 

But the proxy need to set the "x-real-ip" or "x-forwarded-for" header for connections it forewords to the RS.

Link to comment

Sorry, there seems to a bug in the file TweaksRS.ini, so the "Reverse Proxy URL" tweak is missing. Please replace the file in your RS installation by the attached one.

 

"Reverse Proxy IP" and "Reverse Proxy URL" are the only Reverse Proxy related tweaks. Other terms like "original client address" are just for explanation.

TweaksRS.ini

Link to comment

Thx. I will check it later because right now I'm fight with reverse proxy on IIS :/

I'm not familiar with reverse proxy so I'm trying figure out why 'x-forwarded-xxxx' headers are not passed correctly.

Link to comment

Ok, I gave up.

 

IIS is working on the same PC with RS.

 

Reverse Proxy IP and Reverse Proxy URL set to: 127.0.0.1 / test.mydomain.com

 

According to this one: https://blogs.msdn.microsoft.com/benjaminperkins/2015/05/04/passing-client-ip-to-a-server-in-the-web-farm-using-application-request-router/ the 'X-Forwarded-For' header should be available in RS service.

I've also tried to add server variables to IIS for other x-forwarded- data but without luck .

 

Maybe You can provide a version which can deliver some diagnostics data or even better provide some help how to set up IIS. ( like I said, i'm not familiar with reverse proxy functionality )

 

M3U file from web service still provide address with localhost:

http://user:pass@localhost:83/upnp/channelstream/2342468687515232527%7CHBO%20HD.ts

Link to comment

I don't know IIS that well to describe ale steps there.

But with a different server I can give you a step by step guide

Download Caddy (Core) https://caddyserver.com/

create a text file called Caddyfile

http://127.0.0.1:1234, http://localhost:1234

proxy /rs 127.0.0.1:8089 {
proxy_header Host {host}
proxy_header X-Real-IP {remote}
proxy_header X-Forwarded-Host {host}
proxy_header X-Forwarded-Proto {scheme}
proxy_header X-Forwarded-Path /rs

 

without /rs
}

 

redir /rs /rs/ 302

gzip

log caddy-access.log
errors caddy-error.log

(caddy includes the port in "host" therefore you should not set X-Forwarded-Port)

and place it in the folder with the caddy.exe and run the caddy.exe.

Now you can reach the RS web interface via http://127.0.0.1:1234/rs/ and http://localhost:1234/rs/

(If Caddy asks for a eMail address, you have specified a address which could be reached via https and Caddy tyres to generate a valid Let's Encrypt certificate for it. Not many DDNS services are supported by Let's Encrypt)

More about the configuration here: https://caddyserver.com/docs

Edited by Tjod
Link to comment

Great, Thanks for the details description.

 

I installed debian on VirtualMachine with apache and php. With sample script

 

<?php

var_dump(header_list());

?.

 

I was able to print all available header variables.

I've also installed Caddy according to Your description and after a while of comparing headers output, I was able to make IIS to work with RS reverse proxy.

 

So in short - configuration for IIS:

 

ApplicationRequestRoutingCache->ServerProxySettings:

  • Checked: Reverse rewrite host in response headers
  • Preserve client IP in the following headers: "X-Forwarded-For"
  • Unchecked: Include TCP port from client IP

Sample configuration for URL Rewrite ( for specify WebSite ):

 

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="ReverseProxyInboundRule1" stopProcessing="false">
<match url="(.*)" />
<action type="Rewrite" url="http://localhost:8089/{R:1}" logRewrittenUrl="false" />
<serverVariables>
<set name="HTTP_X_FORWARDED_HOST" value="{HTTP_HOST}" />
<set name="HTTP_X_FORWARDED_PROTO" value="http" />
</serverVariables>
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>

 

That's all. It seems to working correctly.

Link to comment
×
×
  • Create New...