goony
02-08-2007, 08:14 PM
If you have more than one Tivo/DTivo on your home LAN that is running TivoWeb/TivoWebPlus and you would like to access each of them from the internet, read on.
Note: If you mess up some of this stuff you could expose your home computers and Tivos to being compromised... DANGER... proceed at your own risk! You assume all responsibility from this point on!! You may wish to consult a network and systems expert before attempting any of this!!!
I am posting this here to share with others what worked for me in getting my Apache webserver configured so as to be able to service multiple units on my home network as remote user. Yours may require a different setup, software, hardware, etc.
Providing remote access for a single Tivo/DTivo is somewhat of a challenge, but to configure things for remote access to multiple boxes makes things much more complicated... basically, you have to re-write the HTML code for the links and images within the TivoWeb pages from each individual Tivo box before sending them back to the user browser. Example:
<a href="/info">
This is what a native TivoWeb link HTML code might look like on your home LAN browser
<a href="http://supergoon.dyndns.org/tivo1/info">
This is what the same link HTML code might look like on a browser on the internet
Below are the relevant sections of my Apache webserver (running on Linux on an old PC) configuration. I am not providing the details on the other necessary precursor steps such as
Creating the Linux (or other) platform to run the Apache webserver
Installation, configuration and proper security settings on your webserver or firewall/router boxes
Installing or building the Apache webserver software
Setup of web username/password authentication within the Apache server
To learn the above you will need to consult other websites which should contain more than enough information than I could post in this topic.
I do provide some generic comments on some items other than the actual Apache configs... see my text below.
I will try to answer any questions that you may have, but no guarantees that I'll have the answers... this is what I put together and it works very well 100% of the time for me, but your experiences may differ.
Here goes:
Here are the relevant parts of my Apache config files that permit me to access my Tivo boxes via incoming 443 connection - I've cut out the "ordinary stuff" from the config files and have only included the parts that deal with the incoming Tivo access. This assumes you have some knowledge of Apache + SSL and how to build/install the needed module(s).
First, the firewall/router needs to be setup for forward any incoming (from out on the internet) port 443 (SSL/https) connection requests to the IP address of the server that is running Apache. I allow no other inbound ports to be opened, not even port 80 (regular http) traffic.
Each time your DSL or cable modem does a reconnect to the internet your network provider may give you a different IP address. This can be problematic if you are trying to access your home network firewall/router from somewhere on the internet.
To solve this problem I use a free "dyndns.org" account which gives me a consistent name to connect to and be able to reach my home router no matter what address it is currently at.
I put my dyndns.org userid/password for dyndns.org into my Linksys BEFSX41 router/firewall (it has a provision for this - not all router/firewalls do). If your router doesn't support this then you will need to add a client program on one of your home PCs (available as download from the dyndns.org website) to periodically contact their server and report your IP address.
Each time my router/firewall makes a new DSL connection it reports its current IP address back to the dyndns.org "mother ship", thus I can always access my home Tivos using the IP name that I chose when I setup my dyndns.org account, e.g.
https://supergoon.dyndns.org/tivo1/
https://supergoon.dyndns.org/tivo2/
https://supergoon.dyndns.org/tivo3/
An SSL/https session is now established between my browser and my Apache server. Any access to the above URLs causes a prompting for username/password authentication from the Apache server. Once authenticated, the Apache server accesses the appropriate Tivo (running TivoWebPlus) on my home LAN.
From then on out the Apache server is the "go-between" for my browser on the internet and each of my Tivo boxes; the Apache box takes care of rewriting the web pages so that during remote access everything looks and acts the same on the screen as it does when I am accessing the Tivos from a web browser on my home LAN.
The proxy_html module takes care of rewriting the links within the page so that what comes from each of the Tivo boxes ends up with the proper hrefs to access each individual page from each Tivo box.
#------------------ from httpd.conf (main config file)
...
# at the bottom of the "load modules" section
# I'm not sure I remember which of these the Tivo stuff is using, so
# here are all of the "proxy-ish" modules I am loading
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
#added 02-Jan-05 for mod_proxy_html - this one I had to build special
# - was not part of regular Apache modules (if I recall correctly)
LoadFile /usr/lib/libxml2.so
LoadModule proxy_html_module modules/mod_proxy_html.so
#------------------- from ssl.conf (config file for the SSL/https)
...
##
## SSL Virtual Host Context
##
<VirtualHost _default_:443>
...
# 02Jan05 - For Tivo stuff
<Location /tivo1/>
ProxyPassReverse /
SetOutputFilter proxy-html
ProxyHTMLURLMap / /tivo1/
ProxyHTMLURLMap /tivo1 /tivo1
RequestHeader unset Accept-Encoding
</Location>
<Location /tivo2/>
ProxyPassReverse /
SetOutputFilter proxy-html
ProxyHTMLURLMap / /tivo2/
ProxyHTMLURLMap /tivo2 /tivo2
RequestHeader unset Accept-Encoding
</Location>
<Location /tivo3/>
ProxyPassReverse /
SetOutputFilter proxy-html
ProxyHTMLURLMap / /tivo3/
ProxyHTMLURLMap /tivo3 /tivo3
RequestHeader unset Accept-Encoding
</Location>
...
#tivo stuff added
<IfModule mod_proxy.c>
ProxyRequests Off
ProxyPass /tivo1 http://192.168.20.70 #addresses of Tivos on home LAN
ProxyPass /tivo2 http://192.168.20.71
ProxyPass /tivo3 http://192.168.20.72
ProxyHTMLURLMap http://192.168.20.70 /tivo1
ProxyHTMLURLMap http://192.168.20.71 /tivo2
ProxyHTMLURLMap http://192.168.20.72 /tivo3
<Proxy *>
Order Deny,Allow
Allow from All
AuthType Basic
AuthName "Valid ID Please"
AuthUserFile /etc/httpd/conf/tivopasswd
Require valid-user
</Proxy>
</IfModule>
</VirtualHost>
Note: If you mess up some of this stuff you could expose your home computers and Tivos to being compromised... DANGER... proceed at your own risk! You assume all responsibility from this point on!! You may wish to consult a network and systems expert before attempting any of this!!!
I am posting this here to share with others what worked for me in getting my Apache webserver configured so as to be able to service multiple units on my home network as remote user. Yours may require a different setup, software, hardware, etc.
Providing remote access for a single Tivo/DTivo is somewhat of a challenge, but to configure things for remote access to multiple boxes makes things much more complicated... basically, you have to re-write the HTML code for the links and images within the TivoWeb pages from each individual Tivo box before sending them back to the user browser. Example:
<a href="/info">
This is what a native TivoWeb link HTML code might look like on your home LAN browser
<a href="http://supergoon.dyndns.org/tivo1/info">
This is what the same link HTML code might look like on a browser on the internet
Below are the relevant sections of my Apache webserver (running on Linux on an old PC) configuration. I am not providing the details on the other necessary precursor steps such as
Creating the Linux (or other) platform to run the Apache webserver
Installation, configuration and proper security settings on your webserver or firewall/router boxes
Installing or building the Apache webserver software
Setup of web username/password authentication within the Apache server
To learn the above you will need to consult other websites which should contain more than enough information than I could post in this topic.
I do provide some generic comments on some items other than the actual Apache configs... see my text below.
I will try to answer any questions that you may have, but no guarantees that I'll have the answers... this is what I put together and it works very well 100% of the time for me, but your experiences may differ.
Here goes:
Here are the relevant parts of my Apache config files that permit me to access my Tivo boxes via incoming 443 connection - I've cut out the "ordinary stuff" from the config files and have only included the parts that deal with the incoming Tivo access. This assumes you have some knowledge of Apache + SSL and how to build/install the needed module(s).
First, the firewall/router needs to be setup for forward any incoming (from out on the internet) port 443 (SSL/https) connection requests to the IP address of the server that is running Apache. I allow no other inbound ports to be opened, not even port 80 (regular http) traffic.
Each time your DSL or cable modem does a reconnect to the internet your network provider may give you a different IP address. This can be problematic if you are trying to access your home network firewall/router from somewhere on the internet.
To solve this problem I use a free "dyndns.org" account which gives me a consistent name to connect to and be able to reach my home router no matter what address it is currently at.
I put my dyndns.org userid/password for dyndns.org into my Linksys BEFSX41 router/firewall (it has a provision for this - not all router/firewalls do). If your router doesn't support this then you will need to add a client program on one of your home PCs (available as download from the dyndns.org website) to periodically contact their server and report your IP address.
Each time my router/firewall makes a new DSL connection it reports its current IP address back to the dyndns.org "mother ship", thus I can always access my home Tivos using the IP name that I chose when I setup my dyndns.org account, e.g.
https://supergoon.dyndns.org/tivo1/
https://supergoon.dyndns.org/tivo2/
https://supergoon.dyndns.org/tivo3/
An SSL/https session is now established between my browser and my Apache server. Any access to the above URLs causes a prompting for username/password authentication from the Apache server. Once authenticated, the Apache server accesses the appropriate Tivo (running TivoWebPlus) on my home LAN.
From then on out the Apache server is the "go-between" for my browser on the internet and each of my Tivo boxes; the Apache box takes care of rewriting the web pages so that during remote access everything looks and acts the same on the screen as it does when I am accessing the Tivos from a web browser on my home LAN.
The proxy_html module takes care of rewriting the links within the page so that what comes from each of the Tivo boxes ends up with the proper hrefs to access each individual page from each Tivo box.
#------------------ from httpd.conf (main config file)
...
# at the bottom of the "load modules" section
# I'm not sure I remember which of these the Tivo stuff is using, so
# here are all of the "proxy-ish" modules I am loading
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
#added 02-Jan-05 for mod_proxy_html - this one I had to build special
# - was not part of regular Apache modules (if I recall correctly)
LoadFile /usr/lib/libxml2.so
LoadModule proxy_html_module modules/mod_proxy_html.so
#------------------- from ssl.conf (config file for the SSL/https)
...
##
## SSL Virtual Host Context
##
<VirtualHost _default_:443>
...
# 02Jan05 - For Tivo stuff
<Location /tivo1/>
ProxyPassReverse /
SetOutputFilter proxy-html
ProxyHTMLURLMap / /tivo1/
ProxyHTMLURLMap /tivo1 /tivo1
RequestHeader unset Accept-Encoding
</Location>
<Location /tivo2/>
ProxyPassReverse /
SetOutputFilter proxy-html
ProxyHTMLURLMap / /tivo2/
ProxyHTMLURLMap /tivo2 /tivo2
RequestHeader unset Accept-Encoding
</Location>
<Location /tivo3/>
ProxyPassReverse /
SetOutputFilter proxy-html
ProxyHTMLURLMap / /tivo3/
ProxyHTMLURLMap /tivo3 /tivo3
RequestHeader unset Accept-Encoding
</Location>
...
#tivo stuff added
<IfModule mod_proxy.c>
ProxyRequests Off
ProxyPass /tivo1 http://192.168.20.70 #addresses of Tivos on home LAN
ProxyPass /tivo2 http://192.168.20.71
ProxyPass /tivo3 http://192.168.20.72
ProxyHTMLURLMap http://192.168.20.70 /tivo1
ProxyHTMLURLMap http://192.168.20.71 /tivo2
ProxyHTMLURLMap http://192.168.20.72 /tivo3
<Proxy *>
Order Deny,Allow
Allow from All
AuthType Basic
AuthName "Valid ID Please"
AuthUserFile /etc/httpd/conf/tivopasswd
Require valid-user
</Proxy>
</IfModule>
</VirtualHost>